The new government in the Netherlands should spend another 833 million euros on digital security. This is a recommendation from the Netherland’s Cyber Security Council. You can read it all in this article from msn news. Significant vulnerabilities are reported with respect to the cybersecurity of Governmental and other organizations. Our opinion? Most CIOs currently treat security and networking as separate islands. The related responsibilities are subsequently assigned to different teams within their IT department. However, as technological limitations disappear due to the ‘rise of cloud’, this approach may deserve re-consideration.
Reinforcing our position
We see that many IT managers who over time have been made responsible for the corporate network infrastructure often demonstrate deep expertise and know-how of the world of networking and related – technologies. Many IT managers have no problem connecting servers, databases, performing route changes, IP subnets, MPLS, and configuring networking hardware. At the NOC, Network Operations Center, the focus is on uptime and availability, achieved by continuous monitoring of the load on the IT environment. For the Network Manager, Information security is simply not a key concern.
Security and Networking
When it comes to securing information and the implementation of related security policies, the security officer, often called CISO ‘Chief Information Security Officer’ comes into play. In the ideal situation, this CISO also has its own budget allocated for this, but in many cases the budget for cybersecurity is spread-out throughout the IT organization. The person in charge of Security often has the wish or plans to allocate work to an external SOC, Security Operations Center, who monitors all events on the network for potential security breaches 24/7. A SOC immediately raises alarm if they detect a potential threat on the network, and then start the analysis and mitigation process. The key challenge for a SOC is filtering out the ‘false positives’ but not the real threats.
A possible scenario
The responsible manager for Network Operations who had neatly arranged his processes around on-premise network hardware and his Telco MPLS network, is now being forced by the business reality to start the transition ‘into to the Cloud’. By continuing his traditional approach, and staying within the traditional boundaries of his department, the company may end up with a spaghetti of multiple cloud and ‘on-prem’ solutions delivered by a multitude of vendors. Such an IT infrastructure that is ‘duct-taped’ together usually is inherently vulnerable, due to its complex architecture. Do not forget that ‘Shadow-it’ was created because managers could buy something themselves with a credit card, for example an extra internet connection, without any CISO being aware of this. In practice, functionality often outplays security, at least this is what we often see…
Merging security and networking
Do you recognize that security and networking are two separate islands or that knowledge about digital security may not be sufficiently shared within your team? Then you may be facing an organizational challenge. Fortunately there is an alternative: one central place where security and networking come together. Merging these two islands typically results in an IT infrastructure that is much more secure. Furthermore, significant cost savings can be achieved.
Agree or disagree?
We would like to hear from CIOs, CISOs, IT managers and IT architects whether they agree or disagree with our statement. We are also curious about the challenges you have in the field of digital security, network performance and new ways of working together.
Download: IPknowledge’s Network-as-a-Service brochure
IPknowledge provides managed internet access and cloud-native connectivity services with enterprise-grade security. Our clients benefit from safe digital performance – without worrying about the operations./span>