SOUTHFIELD – There's a dangerous communication gap in today's enterprises: Network Operations and Security Operations are working in independent vacuums. This gap, rather than closing, is only growing larger and more hazardous. As budgets face resource squeezes and groups war for people and money, companies are turning their own strengths, their people, against themselves.

This battle breeds chaos and disharmony. Critical infrastructure teams, those responsible for the health and well-being of an organization, who do not work together, become antagonists. When network and security management knowledge is viewed as something to guard jealously rather than share openly, the company suffers. Firewall rules, router ACLs, anti-virus signature distribution, and patch levels are but a few examples of the many intersection points where network and security operations depend on each other for functionality.

The patch problem is a particularly high-visibility issue. Because affected systems and servers live in different subsidiaries and business units, sharing information about current patch levels, or allowing a centralized team visibility and control over them, may be seen as losing control. It doesn't have to be so; systems must be patched. Federating the specific responsibility for patching and calling for cross-enterprise accountability over full patch-state levels can de-politicize the issue without putting the company at risk.

The sharing of a common vision, made real by the strategic distribution of information, is a joint effort. Proven failures of IT management (virus outbreaks, defaced web servers, stolen intellectual property) have built recognition that NetOps and SecOps can no longer silo their knowledge from each other. Going forward, these groups must work together and leverage the available and emerging tools to help make this possible.

The Divided Enterprise

Look into many of today's organizations and the turmoil is apparent. NetOps/SysOps are often at odds with the work being done on the SecOps side. The problem is that these teams have grown organically at different rates and with different agendas inside the enterprise. NetOps/SysOps have been a critical function since the "dawn of IT" and have at their disposal a set of mature tools and techniques. SecOps, on the other hand, is a relatively newer discipline, with emerging management tools that frequently don't speak directly to the ones used by NetOps.

To further complicate matters, a political distribution of agendas and duties contributes to the split between these groups. The chain of reporting can be tracked up to different masters, with one team responsible through audit and the CFO or CIO, and the other group chaining to the CTO or CSO. How the reporting sits in the hierarchy can negatively impact the teams' shared effectiveness if each is answering the bidding of a different "master" with potentially competing goals and agendas.

Moving forward, auditing will continue to be a central reason why teams must work together. As legislation such as SOX and HIPAA drives accountability for control sign-off to the highest level, regular audits are becoming not simply a "thing to pass" but a compelling force for monitoring and maintaining the risk-level state of health that allows the company to move forward as quickly and safely as possible.

Oftentimes the teams use different lexicons, different tools, and different policies. While the information from one tool set, such as the Net Management, may be reporting an "all clear", the Sec Management tools could indicate otherwise based on their more security-minded configuration. While network management is based on the premise of attempting to keep systems running as expected, security tools focus more on preparedness for when someone or something nefarious attempts to circumvent the controls and must be thwarted in that attempt.

The end result of all of this is that corporate operations are "Falling into the Gap". Vulnerabilities identified in one are not properly communicated to the other. Reductions in business intelligence and continuity ensue. In an already dangerously squeezed resource world, efforts are duplicated and wasted by concentration on myopic and redundant systems that report an inaccurate view of overall status and may give a false sense of preparedness. In an ever more IT-dependent world, this "Gap" cannot persist, or companies will fail.

Why the Gap Must Be Bridged

Integrating the vast intelligence of all the operations teams is an imperative for successful business function. By sharing the information gathered by the tools and groups, companies will be able to meet the challenge of doing "more with less," because information will be correlated and contextualized across the organization.

Without a clear plan of action and a coherent strategic goal, many companies find themselves in a state of after-the-fact panic when a vulnerability is discovered. If the chain of reporting and remediation responsibilities is not established before a disaster occurs, the disparate teams often find themselves scrambling for a solution when one does.

The Security Team finds a breach, such as a worm attacking critical databases, and must open emergency bridge lines and call last-minute meetings with the Networking group to ensure that the affected servers are isolated and patched without causing further disruption. When reacting in alarm mode, people who may not need to get involved often are, because no one knows whom to call or how to address the issue effectively; a coherent response plan was not in place beforehand.

To obviate such disorder, companies must increase awareness by addressing the inaccuracies introduced by atomic, disconnected tools and decrease the exposure that results from a lack of accurate visibility into overall status. Case in point: most NOCs (Network Operations Centers) are required to run on a 24/7 schedule with no downtime.

SOCs, however, may be less robustly staffed. For NOC tools to be able to leverage the information from the SOC, both sides must report on a consistent and symbiotic schedule that delivers awareness round the clock. It is of little use if a vulnerability tool reports a problem at 4 a.m. on a Saturday when there is no way to get this information to the affected systems in the NOC before 9 a.m. on Monday.

Best practice management for both NetOps and SecOps should consist of three basic foundational functions:

Real-Time Monitoring: for business continuity, disaster recovery, and liability minimization

Post-Event Analysis: for reporting, capacity planning, preventative strategies, queries, and forensics

Communication: for contextualization and response, hierarchical view sets, and business and event prioritization in relation to available assets

While the NOC continues to function as the "brain center" for the overall enterprise, it is fed critical security events from the SOC, or security management tool, as needed. Both teams share information, rather than compete for it.

Building the Bridge

The result of this approach is that the teams, by learning how to work together, can bring order out of the existing chaos. Politically, these groups must cross-pollinate information and goals for the benefit of the entire organization. To make this happen, the directive must start at the very top, from the executive level, with a clear vision towards mutual goals rather than competing resources.

To accomplish this from a technical perspective, administrators need tools that work together. There are already seasoned, trusted NetOps tools deployed throughout most large companies. And the capacities of these tools must be shored up and complemented by the introduction of open, aware, and robust