State of the network

Security is consuming all your resources.


Johannesburg, 18 Sep 2017
Nirvaan Somers, Systems Application Engineer, Concilium Technologies.

Modern best practice in technology environments calls for a move away from the operational. This is one of the great promises of modern infrastructure and applications: easier orchestration, better automation and projects that deliver value, not barriers. Running the hamster wheel to keep the lights on should become the least of a team's concerns.

Yet this is not happening. IT teams are spending more time on security matters than before - and worse, these are not just the security people, but also the network teams. Keeping systems safe and secure is becoming an all-consuming function in companies, threatening to erode the gains made through modern digitisation strategies.

"There is no getting around it - security is starting to look like a sinkhole for productivity," says Nirvaan Somers, Systems Application Engineer at Concilium Technologies. "It's been known that this is a problem, but the latest survey results paint a much more stark picture."

The survey he refers to is the Tenth Annual State of the Network Global Study from Viavi. Focusing this year on security, it received an avalanche of responses around the topic - already front of mind for many technology professionals, but for all the wrong reasons.

Nearly all enterprise network teams spend a lot of their time troubleshooting security issues. The number was already high: last year's survey pegged it at 85%, and it has now reached 88%. In addition, over 80% of respondents say the time their network teams spend on security issues has increased. Across the survey, three out of four respondents spend up to 10 hours a week working only on security-related problems.

Why are network teams increasingly being consumed by security issues? Viavi's survey may have the answer: ambiguity. When an anomaly occurs, teams have to determine if it is a security or network issue, drilling down to system and application specifics. Since the network teams are the ones with visibility of all traffic - and as such maintain the benchmark for what is normal behaviour - they are an inevitable part of good security practice. This is reinforced by their ability to make quick policy changes, such as blocking specific IP addresses.

"Network teams are spending a lot more time and money battling security issues, because they are key to that strategy," explains Somers. "But this may not be taken into account when their overall workloads are designed. Network teams are key to any digital strategy and transformation being implemented. This is creating a conflict that many companies don't seem to realise exists."

The survey illuminates this point: despite the increased time requirement to help with security issues, network teams are still also tasked with implementing new technologies such as software-defined networks, cloud-hinged systems, big data initiatives and other network-related upgrades. This is evident from the growing amount of bandwidth being consumed by companies: most respondents, many of whom are already busy adopting high-capacity networks, expect bandwidth usage to grow by 50% in the next 12 months.

As such, it is clear that network teams are the tip of the spear for the business' competitive future. Yet they are just as vital for operational security tasks. The survey highlights six security roles that network teams have to fulfil:

* Actively reporting network anomalies to security teams;
* Validating security tools are configured properly;
* Investigating security breaches after an incident;
* Ensuring virus or worm clean-up;
* Assisting security with active investigations; and
* Implementing preventative measures.

To address this growing conflict of time and resources, Somers suggests companies must understand what their normal is:

"You need to know what the traffic on your network is supposed to do and notice when it isn't. Start comparing network behaviours, using free tools such as Wireshark, or commercial NPMD tools when line speeds make 100% packet capture impossible using a standard PC network interface. Make it easier for the network teams to roll back traffic patterns and do retrospective analysis. To do this, you need historical data, namely long-term packet retention. This could be done with edge appliances, such as EDR technology."

But technology alone can't fix this problem, he concludes: "Network teams are being consumed by security issues because they are a vital part of the solution. Collaboration between the network and security teams is critical and must be cultivated. Look for overlaps and get them more comfortable to devise complementary strategies. The more empowered they are to tackle anomalies on the network, the quicker they can get back to the projects that take the business forward."
