A lack of business network visibility is resulting in a series of common internal disconnects between IT, network and security functions, with 84 percent of security and IT teams admitting a negative relationship, according to a new Forrester survey.
Business security, IT and network teams are still working in silos, often without cohesive overarching strategy and suffering from misaligned priorities and discord as a result, according to new analyst research. The slew of disconnects might go some way to explain why a massive 84 percent of security and IT teams admit they don't have a positive relationship with one another, according to Forrester analysts.
Almost two thirds (59 percent) of European IT heads believe it is very challenging to gain end-to-end visibility of their network, with almost half saying this lack of visibility is a major concern. More than a third (37 percent) believe the challenges associated with this lack of visibility has resulted in misalignment between security and IT teams.
That misalignment is clear from business prioritisation, with IT’s top priority being efficiency (according to 51 percent surveyed), while security teams are tasked with incident resolution (49 percent). Though new security threats require visibility across the entire IT infrastructure, less than three quarters of security teams are involved in executing the organisation’s security strategy, and only a third (38 percent) of networking teams are currently involved in the initial development of security strategies.
However, 60 percent of networking teams are involved in the execution of security, leaving a substantial disconnect.
Jeremy Van Doorn, senior director of systems engineering, software defined data centre EMEA, VMware told SC Media UK that: “We need to move away from bolt-on security as an afterthought, it needs to be integrated from the outset. However, collaboration is the solution here - not only internally between business functions, but also externally when sharing information about successful - or unsuccessful attacks. The hackers are very good at sharing information about zero-days and vulnerabilities - the defenders need to catch up and learn to collaborate better.”
That disconnect exists despite a significant percentage (45 percent) of respondents recognising that a consolidated strategy could help reduce data breaches and more quickly identify threats. More than half of organisations want to collaborate better and move to a model of shared responsibility in the next three to five years, where IT security architecture (58 percent), cloud security (43 percent) and threat hunting response (51 percent) is shared between IT and security teams, according to the research by VMware in partnership with Forrester. However, this jars with more than a quarter (29 percent) that have no plans to implement a consolidated IT and security strategy, despite of the benefits on offer.
Van Doorn continued: “We need to become more vocal as an industry to gain and keep the attention of the CEO. Although CEO’s are in general much more interested in business security functions - regulation such as GDPR has helped a lot here - there is still a long way to go in terms of board-level buy-in and awareness.”
The survey also found that current strategic goals for businesses are increased security (55 percent), technological advancement (56 percent) and the ability to respond faster (56 percent).