InfoSec vs NetOps: Is Datacenter Détente Possible?

“Oh, the farmer and the cowman should be friends” – Rodgers & Hammerstein, “Oklahoma!”

The modern office environment has its fair share of rivalries, competitions, and friction. In some companies, interdepartmental politics abound, project teams put “frenemies” in direct contact with each other, or a heated exchange can impact an entire career. This affects IT professionals as much as those in any other career area (some would say more).

There’s one IT rivalry I have seen consistently in almost every organization, and that’s between the team responsible for security (InfoSec) and the team in charge of network monitoring and operations (NetOps). In many companies, the dynamic is almost co-predatory, with each side attempting to completely obliterate the efficacy and credibility of the other.

The classic characterization is that

1) the Monitoring team wants/needs complete access to all systems in order to pull reliable and accurate metrics;

2) while the InfoSec team wants to lock everyone out of all systems in the name of keeping things “secure.”

But it’s patently not true. At ThwackCamp 2015, security industry powerhouse Charisse Castagnoli (c1ph3r_qu33n here on Thwack) and I sat down for a frank talk about the pressures of our respective roles, and then brainstormed ways to get InfoSec and NetOps/Monitoring working together rather than in opposition.

One of the things we hit on was the good old lunch-and-learn. A lot of the friction between security and monitoring comes from a good old communication disconnect. Not knowing about the current pressures, priorities, and projects on the other side of the cube wall typically leads to frustration and loathing. The solution is to regularly sit down to hash it out, and find ways to augment, rather than short-circuit, each other’s efforts.

During our talk, Charisse and I challenged viewers to set a table, along with a meeting request, and record notes of how the conversation went (You had a food fight? We want to see pics or it never happened!). Post those notes (and pictures) below, and we’ll select some of the best ones to receive 500 thwack points.

  • Excellent topic.

    Monitoring issues a threat to security because monitoring uncovers the network and stores compromising details such as topology, protocols, vulnerabilities etc.

    Security is first and foremost about obscurity; this is also known as security through obscurity = security = secrecy.

    Policies in security mandate that you control who has access to details about topology etc. It is therefore crucial that these details are obscured and only accessible by a specific group.

    Herein lies the problem. InfoSec and NetOps groups both store crucial information that is managed differently. NetOps would unknowingly hand out information that violates security policies, and InfoSec is unable to do anything about it since the information is out of their reach. Facepalm. Is there a solution to this? Apart from having a stringent information access control policy, which would be step one, merging the two teams under one roof would be a good start.

    That, however, is easier said than done, since keeping a secret isn't something that anyone can do. What you're left with is the need to educate everyone about security principles since security is/should be the number one priority.

  • Jfrazier Yeah, I have seen how SecOps running against NetOps can cause some issues. For me I started out NetOps and later became SecOps. It helps to have an understanding of both sides of the coin. I also see the value of working together, there are a lot of overlaps in the kind of information collected.

  • These teams should work hand in hand since they both utilize some of the same data.

    I know the infosec teams tend to have a superiority complex, well some do. In some shops they don't play by the same rules as all the other teams...thus their devices are not in DNS (in the name of security), they only want them monitored after they get bit by a full disk drive, etc. In the end, we are all on the same team striving towards the same goal.
