Conflicting priorities between IT teams are a primary operational and governance gap in organizations, according to research independently conducted by leading security research firm Ponemon Institute, sponsored by Hewlett Packard Enterprise.
In the report, The 2023 Global Study on Closing the IT Security Gap: Addressing Cybersecurity Gaps from Edge to Cloud, 39% of organizations indicated that conflicting priorities were a primary gap, on par with challenges like insufficient budget and staffing shortages.[i]
“The number one challenge is not having the security solutions that can keep up with exponentially increasing amounts of data,” the report stated. “This is followed by the inability of IT and IT security teams to agree on the activities that should be prioritized to close the IT security gap.”[ii]
Why can’t network and security teams agree on priorities?
Team disagreement is not a new or unique phenomenon. In fact, researcher Behnam Tabrizi found that 75% of cross-functional teams are dysfunctional.[iii] According to Tabrizi’s research, published in part in the Harvard Business Review, cross-functional teams tend to fail on most of these project success criteria: delivering on budget, staying on time, adhering to requirements, meeting stakeholder expectations, and maintaining alignment on goals.[iv]
These types of issues are not uncommon to IT organizations. For example:
- Budget challenges. Network and security teams may share the same pool of financial resources to support/implement projects. Teams may need to negotiate budget allocation or engage in “give/take” exercises that leave both sides unsatisfied.
- Implementation delays. Digital transformation projects—especially those intended to deliver innovative results—often involve unforeseen issues related to technical and vendor inter-dependencies that can slow implementation.
- Meeting requirements. While they may share common objectives for projects, teams may also have discrete network and security requirements that must be met, whether for reasons of compliance, user experience, or business need.
3 new opportunities for network and security collaboration
For many CIOs and CSOs, developing, maintaining, and improving supportive relationships between network and security teams is a top priority. And there are more ways than ever for teams to build bridges and enhance how they work together.
Opportunity #1: Centralize network and security investment decisions
Differences in plans, priorities, and measures of success can make it difficult not only to make investment decisions, but to realize and evaluate ROI. Centralizing investment decision making may help.
According to Ponemon Institute research, organizations that were more effective at closing security gaps were also more likely to centralize decisions about investments in security solutions and architectures.[v]
What team should own the budget? While every organization will decide based on their own dynamics, Ponemon noted that 60% of high performing organizations said the primary responsibility was with the networking or security team (30% each).[vi]
Opportunity #2: Break down network and security siloes with shared tools
In examining how conflicting priorities contributed to gaps, Ponemon Institute noted how disparate products perpetuated misalignment. “Problems are exacerbated by the siloed or point security solutions in organizations,” indicated the report.
Security teams are often challenged by ecosystem complexity and solution sprawl from adding a new tool for every new compliance requirement or capability—a situation that is not only cumbersome and inefficient but can also lead to inconsistencies that widen security gaps.
Where should network and security teams start when it comes to shared tools? The most natural place for collaboration and cooperation is the network. This is because business innovation is often built on new models of connectivity, and infusing innovation with Zero Trust Security principles is key for both organizational protection and cybersecurity compliance. That means the network can now play an essential role as not just a connectivity enabler but also as a cybersecurity defender.
Opportunity #3: Choose the right network to improve network and security collaboration
Both network and security teams can benefit from using the network as a security solution. But not every network can satisfy both missions.
To enhance team collaboration, there are 4 requirements organizations should consider so network and security teams can achieve objectives using the same shared “toolbox.”
- Zero Trust Security built in. By design, the network should deliver on the principles of no-implicit trust, least-privilege access seamlessly enforced from edge to cloud, and continuous monitoring.
- Common policy framework. The right network simplifies policy expression and implementation so that both teams can define their desired outcomes and trust the results.
- Integration with the security ecosystem. In its unique role as the touchpoint for all IT activities, network data can be the source of truth for both operating the network and delivering security-relevant information to other security solutions.
- AI-powered analytics. AI can multiply the human capabilities of both network and security teams, so they can manage and protect at scale.
Here’s an example of how network and security teams can use the network to achieve shared objectives. Network and security teams are challenged by rogue devices that find their way onto the network. Not only are they a source of vulnerabilities, they also are not governed by any access control policy. By applying AI to network telemetry, devices are discovered and fingerprinted with a high degree of accuracy, allowing access control policies to be automatically applied.
Elevate network and security collaboration
Security-first, AI-powered networking from HPE Aruba Networking is built on Zero Trust principles, providing a common foundation for networking and security teams to power distinctive experiences and innovative business results—without sacrificing cybersecurity protection. With HPE Aruba Networking solutions, the network can now provide advanced visibility, insights, centralized policy management, data protection, threat defense, and access control in a single platform. Our AI-powered networking approach also helps network and security teams benefit from intelligent automation that reduces manual effort, improves visibility and anomaly detection, and enhances monitoring and diagnostics, all of which ensures the organization is not exposed to unnecessary risk.
Find out how HPE Aruba Networking security-first, AI-powered networking can help support network and security team collaboration:
- eBook: Easing Zero Trust Security adoption
- Solution brief: The network as a security solution
- Business paper: Unified SASE with Zero Trust powers the digital enterprise
-------
[i] Ponemon Institute. The 2023 Global Study on Closing the IT Security Gap: Addressing Cybersecurity Gaps from Edge to Cloud. March 2023.
[ii] Ponemon.
[iii] Tabrizi, B. “75% of Cross-Functional Teams Are Dysfunctional.” Harvard Business Review. June 2015.
[iv] Tabrizi.
[v] Ponemon.
[vi] Ponemon.
