In our last newsletter, we pointed out that a lot of enhanced capabilities have been added to the IT function in general, and to the network in particular over the last few years. But adding functionality increases the tendency of IT to be organized around silos which makes many aspects of IT, notably troubleshooting, more difficult and time consuming. We also pointed out that we do not see senior IT management taking aggressive steps to mitigate the impact of these silos.

Today we’ll discuss an organizational change that many vendors propose as a way to reduce the impact of silos. That change is the combination of network and security operations. One of the arguments raised by these vendors is that the majority of security incidents are not caused by some malicious person outside of the organization but are caused by an employee who is either disgruntled and intentionally seeks to harm the organization, or is naïve and accidentally induces a security incident. The logical conclusion to this argument is that because of the need to monitor internally for security issues, security operations and network operations have a lot of overlap and should be combined.

One vendor which takes this position is Q1 Labs. In an Aug. 24, 2007 press release Q1 Labs discussed the results of its survey of over 9,000 network and security managers. One of the conclusions is that internal malicious behavior and employee carelessness is the No. 1 concern for network and security managers. In that press release, Tom Turner, Q1 VP marketing states: “The old siloed approach to monitoring network, security and identity information separately is outdated and inefficient, especially in light of the recent rise of inside threats.”

At one level, we buy into that argument. It does seem to make sense to combine two functions if indeed there is a lot of overlap. But we also have some serious reservations. Security still remains a more complex discipline than is network monitoring. As such, security is more suited to second and third level support personnel who typically do not reside in the network operations center.

We would appreciate your input. Has your organization made any attempt to combine network and security operations into one group? If so, has it been successful? If you have not attempted to combine these functions, why not?

Steve Taylor is president of Distributed Networking Associates and publisher/editor-in-chief of Webtorials. Jim Metzler is vice president of Ashton, Metzler & Associates.