Half of CIOs say a lack of collaboration between specialist teams hampers digital transformation, according to data released by Netskope Wednesday. The company surveyed 2,675 global IT professionals.
There's a disconnect between network and security, with nearly half of professionals from both fields describing their relationship in negative terms such as "combative" or "dysfunctional," according to the report.
The network and security disconnect puts digital transformation projects at risk, as both teams are pursuing projects. Among the 87% of participants working on a project currently, 62% involve networking and security transformation.
Digitally transforming a business requires collaboration — not just the type of software tool, but the business practice as well.
The need to secure the organization while operating remotely heightened differences between the network and security camps, said Mike Anderson, chief digital and information officer at Netskope. But a disconnect was brewing prior to the pandemic.
"The networking team feels like they're the boots on the ground doing a lot of the heavy lifting when it comes to a lot of the security stack," said Anderson. When CISOs report outside of the CIO, that can lead to further estrangement if "completely different sets of priorities" are set at the higher level.
Fragmented IT and security outfits could be less effective at protecting the organizations, as cybersecurity is a team effort. Yet 37% of global IT professionals say "the security and networking teams don’t really work together much," according to the report.
"It can sometimes feel like the two groups have competing priorities," said Giordon Gill, IT director at Eagle Hill Consulting, in an email. While IT teams focus on customer service and closing help desk tickets, workers from the security unit "are more focused on how changes to the environment, new applications, and new services impact the organization's cybersecurity posture."
In the event of a critical event such as a cyberattack or breach, companies need to assign an overarching crisis management team in order to coordinate all the work streams, Jerry Bessette, senior vice president and lead of Booz Allen Hamilton's Cyber Incident Response Program, previously told CIO Dive.
Addressing the disconnect between the units starts by giving them common problems to tackle.
The companies that succeeded at pivoting to remote work, and managing the associated IT and cybersecurity challenges were the companies that said "forget about the organizational chart: Let's get a cross-functional team together and focus on solving the problem," said Anderson.
The report laid out three practical courses of action to tackle the security-network disconnect:
Enable DevOps: The methodologies of DevOps — as well as DevSecOps — carry over well to enable network-security collaboration.
Blending operation centers: The concept of a security and network operations center (SNOC) combines the security and network hubs to strengthen a company's ability to respond.
Prioritize business-critical metrics: Leadership needs to know how networking and security are working together. Metrics such as mean time between failures (MTBF) or customer satisfaction can help.
"As the person who oversees IT and security, I see how both working together improves the client experience," said Gill.
A joint approach also helps accelerate transformation projects, since context switching can hamper a team's ability to address their priorities. By combining efforts, companies can also lower the need to hand off tasks from one team to the other.
"The more things get stuck in queues between teams, the slower you can move," said Anderson.