Whether your title reads Chief Information Officer or Chief Information Security Officer, there’s an ever-growing list of concerns driving your agenda. For CIOs, the focus is on operational issues such as network and application performance, uptime, and workflows. For CISOs, the stress is about malware, access control, and data exfiltration. For both roles, the list of challenges often seems like more than can be adequately managed with available resources. Though IT budgets are increasing overall, especially for security, the demands on those budgets are also intensifying. So, to maximize the impact of every dollar, it’s in the interest of CIOs and CISOs — whose roles each contribute to the success of the other — to find common ground wherever they can.
At the intersection of CIO and CISO issues and concerns is the network and its underlying infrastructure. These vital pathways for information impact virtually every facet of business operations and security, especially for businesses that are Internet or wide-area network dependent, such as e-commerce companies or enterprises that are geographically distributed.
From the CIO perspective, network issues related to bandwidth constraints, latency, congestion, and packet loss are all tightly interconnected. The first three set the stage for the last, ultimately leading to customer frustration, abandoned transactions, and loss of revenue. From the CISO perspective, meanwhile, the network is the gateway to the business for attackers. Whether an internal or an external threat actor is involved, over 95% of attacks traverse the network at some point during reconnaissance, data collection, or data exfiltration.
Given that the network is an obvious point of shared concern, or at least should be, for all CIOs and CISOs, it seems equally obvious that these two roles should be working together to find tools that support both operations and security out of the same console using the same dollars. But having been in security and network operations for over 20 years before becoming an analyst, I find it amazing how many organizations seem to be at odds over budgets and tools, in some cases getting into severe turf wars that negatively affect the ability of both teams to function optimally.
What should CIOs and CISOs be doing instead? Cooperatively finding solutions that can collect and analyze data from the network in as close to real time as possible so that they can stay well informed — continuously and comprehensively — about their infrastructure, systems, and applications. Today, network analytics are more advanced than ever, drawing on algorithms and tools that are far beyond what was available even five years ago. Both IT and security operations teams can benefit greatly from the crucial information that this latest generation of analysis solutions can reveal.
It’s important to realize that the available solutions are not by any means all created equal. So to take full advantage of the latest advances you need a clear understanding of your requirements before you step into the ring with vendors. Specifically, you need to know the attributes and capabilities that a solution must have in order to enable your organization to identify, troubleshoot, and isolate issues that affect both operational performance and security. It’s up to CIOs and CISOs to speak with their operations teams to define those requirements.
At a minimum, each team should be able to identify the areas in which it’s critical for a network analytics solution to provide detailed, timely insight, such as major traffic sources, network delays, routing, communications patterns (especially changes in ports, sources, destinations, and highs and lows), latency, and transactions. Greater understanding in these areas will improve each team’s ability to find its culprits. Having common tools to achieve that understanding will not only reduce budgetary pressures but also increase workflow productivity and cooperation, making those tools a win-win-win for the company.
David Monahan is a senior information security executive with years of experience in physical and information security for Fortune 100 companies, local governments, and small public and private companies.