How to converge networking and security teams: Key steps

Steps to networking-security convergence

One of the first products of the collaboration is combined leadership in networking and cybersecurity that does the defining. This group should include people from across the existing organizations. The more people understand the objectives and goals of the effort, the constraints of budget and staff, operational requirements, and the logic of the new organization, the better they can align their own efforts to meet those goals and achieve those objectives.

Once formed, the combined leadership group should focus on the following tasks:

• Define a clear set of objectives. These should include definitive goals, such as "become 50% more effective in incident response by Metrics A and B within three years" or "make the network 50% more secure by Metrics C, D and E within three years."
• Define intermediary goals. These would include targets such as "determine whether an event is a security incident or a network incident within five minutes, with 90% accuracy in the first year" or "reduce known vulnerabilities in the network by 20% in the first year after merger."
• Create the teams overseeing how the new department will work. These groups will do the hard work of redesigning the combined department. They will tackle organizational structure, job descriptions, and policy and process rationalization. At the same time, define tiger teams to identify and execute on quick wins. These accomplishments can maintain enthusiasm for the merger and cement support from leadership.

Roadblocks and strategies to get past them

One major challenge to converging network and security teams is organizational. Networking teams usually report to a director or vice president who reports to the CIO, while cybersecurity teams often report to a CISO. Merging the teams means picking one as the path to the C-level or building a matrix structure. It also means hoping the chosen structure both ensures accountability to the top of the organization and secures full institutional support for the new, merged team.

One aspect of that full institutional support is money. Network budgets are flat or in decline for most organizations, as are staff levels. Cybersecurity budgets, on the other hand, are mostly still growing, as are teams when anyone can be found to fill open positions. A combined organization must minimize the risk that the merger will decrease the perceived level of investment needed.

The need to minimize the risk of merging the organization highlights the biggest underlying challenge: the politics of technology budgeting and staffing. Few organizations rank major investments in networking as strategic. The existential risks associated with cybersecurity make investing in that arena highly strategic and highly visible.

To that end, the most direct way to address these challenges is to bring the new organization together under the CISO. Capitalize on the tenor of the times to spread some of cybersecurity's cachet over the network. Make it clear that designing, building and managing a secure network is crucial to the effort of reducing cyber-risk overall. Treat the network as a part of the cybersecurity architecture, and invest in it to make sure it is a supremely capable part.

John Burke is CTO and principal research analyst with Nemertes Research. With nearly two decades of technology experience, he has worked at all levels of IT, including end-user support specialist, programmer, system administrator, database specialist, network administrator, network architect and systems architect. His focus areas include AI, cloud, networking, infrastructure, automation and cybersecurity.