Governance, compliance, security: How are these network problems?

As Spider-Man's uncle told him, "With great power comes great responsibility." That advice is becoming increasingly fitting for network operations.

The network's importance grows with the delivery of increasingly complex, componentized services. Just keeping the network up and running is difficult enough, but now increasing threats to operations are posed by more and more sophisticated attacks on enterprise infrastructure and assets as well as the continuing proliferation of mobile devices with access to enterprise networks. These additional responsibilities are forcing network staff to make operational decisions based on issues of corporate governance, security and compliance.

What's the fuss about?

The problem is threefold:

   1. Increasingly sophisticated and dynamic services are exposed to greater threats.
   2. The decisions of independent teams that address security, governance, risk management, and IT and network operations directly influence and impact each other.
   3. External oversight is becoming more intrusive, specific and dynamic, backed by increasingly harsh penalties for even the perception of insufficient efforts at compliance.

Good governance requires management that effectively exploits corporate assets. Security teams identify threats and set appropriate policies to respond to attacks. Risk management dictates policies to manage and adjust the risk associated with management decisions. IT and network operations form the infrastructural and operational nexus to implement, execute, maintain and report on the dictates of these management bodies. Everyone works on their respective area of expertise and interest with tools designed for their special purpose.

Almost invariably, the various teams operate and make decisions in silos using data they collect independently -- often in different formats and with no attempt to assure cross-team consistency. With little coordination or communication, the inevitable results are policies that, when IT and network staff attempt to implement them, are overlapping, inefficient and even conflicting. The problem extends to infrastructure operation decisions where, for example, configuration and attachment policies can open security problems or cause service delivery problems.

What's to be done?

Today's network operations staff no longer simply maintains communications. It's also intimately involved in and contributory to business success. This means these network pros have a responsibility to try to work with the other teams to resolve the dilemma of siloed teams. Here are five things network operations staff can do to start on that path:

   1. Recognize their responsibilities as members of an extended team. Make their technical expertise available to the management teams; help management teams understand how their decisions and recommendations can be implemented and how they affect network operations.
   2. Understand not only how network operational decisions, actions, policies and procedures affect network performance but also their impact on business operations, the potential impact on security, compliance, risk management and governance.
   3. Work with other IT staff to develop and promote solution acquisition strategies that will mitigate the problems of the siloed tools that are used by teams today; e.g., consider moving toward an integrated solution platform.
   4. Develop and implement tactics to initiate cross-team communication, information sharing, cooperation and coordination.
   5. Initiate a project to see how existing in-house tools can be used to support cross-team efforts.

This isn't an exhaustive list but it provides a good start. Compliance, security and governance are now network problems. And the faster you begin to act on them, the better the network will be.