73% of enterprises suffer security and compliance issues due to internal misalignment
According to Enterprise Management Associates (EMA) and BlueCat’s recently published research report, nearly 3 in 4 enterprises (73%) have suffered security or compliance issues in the past year as a direct result of collaboration challenges between the cloud and networking teams.
For security leaders who have spent much of the past five years on better integrating with networking, this represents a newly opened Pandora’s Box of risk that must be addressed.
The research, based on a survey of 212 networking and cloud professionals, found that the consequences of dysfunction between these teams extend far past the security realm. Not only do a shocking 72% of enterprises struggle to realize the full benefits of their cloud investments, but survey respondents admitted to experiencing a long list of repercussions. In the past year alone:
- 89% experienced IT operations challenges, such as delayed application rollouts and poor user experience
- 82% suffered business problems, such as customer churn and lost revenue
- 73% of surveyed organizations suffered security or compliance issues, such as regulatory fines or data leaks
Misalignment between the network and cloud teams looks very similar to the historic disconnect that the network and security groups have been working to overcome: they’re separate groups, led by different leaders, who have distinct goals. Except, here, it begins with the notion that one group is too slow to meet the needs of the other. Of course, it’s easier to set something up in a sandbox. Harder – but more crucial – is to integrate that something into the broader networking and security ecosystem.
We’re seeing this dysfunction come to a head now more than before because many organizations are coming up on the tipping point of their cloud initiatives. They’re outgrowing their proverbial sandbox, and the applications are coming out to play with the broader network.
Security leaders must concern themselves with the findings of this research because it has direct implications for their teams. Below are suggestions that security leaders can act on.
1. Advocate for integration among C-level peers
Only 34% of networking and cloud pros believe their executive leadership does a very good job of supporting collaboration. The number doubles at enterprises who consider themselves to be very successful at realizing the full benefits of their cloud investments.
Leaders who push responsibility for supporting integration down to lower levels are less likely to properly support their teams. Already, 41% of cloud adoption is not led by centralized IT leadership, but rather by non-technical leadership, or individual business units, and individual developers. They clearly haven’t managed to figure it out.
As a security leader, involving yourself in discussions between your cloud and networking peers may help establish some of the right process up-front, which is needed to support your programs and reduce risk as well.
2. Support the [re]unification of critical functions like security, compliance, DDI
EMA recommends unifying certain key functions. Among them: security, compliance, DNS, and IP address management. In an example of what not to do, EMA cites the data on respondents who indicated some level of siloing in their IP address management. Nearly all were also unsuccessful in realizing the full benefits of their cloud investment.
As cloud adoption threatens to fragment the network, advocate for the unification of services you consider critical. Security and compliance are natural candidates, but DNS, DHCP, and IP address management are paramount as well.
3. Ensure teams adopting the cloud are well-stocked with the necessary skills, including security concepts and cost-monitoring
Finally, IT execs need to close the skills gaps between the cloud and networking teams. The skills that respondents indicated are most important to have when designing, building, and managing hybrid and multi-cloud networks include:
- cloud provider network feature skills
- network security concepts
- cost monitoring/management, and interpersonal skills
These are what both teams should focus on when trying to close skills gaps.
These skills gaps can be closed via training, by giving network and cloud teams access to technologies and tools used by their peers in the other silo, or simply by staffing teams with people who have those skills. Either way, shared access to tools and technology will give these teams hands-on experience that will help them to acquire the necessary skills, but leaders need to fill the gaps today.
Offering to make somebody from your group available if you see that your cloud center of excellence doesn’t have anybody is a worthwhile move.
Ultimately, successful cloud adoption, from a business, operations, and security perspective, requires strong alignment between the diverse group of professionals who truly understand the network’s requirements. While the research focused specifically on the relationship between cloud and networking teams, the security leader’s role here is evident.