Innovation Cybersecurity Digital
Maturity Profitability Attracting/
Retaining Talent
88% 86% 85% 86% 82%
34% 34% 34% 38% 36%
48% 46%
54% 52% 52%
Executive Summary
Network Operations (NetOps) and Security Operations (SecOps) share the common goal of delivering an effective, secure employee experience amid an increasingly complex and rapidly changing technology landscape, but they often work separately. This siloed approach can increase the time it takes to investigate and remediate network breaches before they become full-fledged data breaches or ransom- ware attacks. To work more efficiently, optimize budgets and maximize security, greater cooper- ation and collaboration must become the norm.
To understand how companies are approaching this challenge, we surveyed 100 chief infor- mation security officers (CISOs) and 100 chief information officers (CIOs)/chief technology officers (CTOs) at large U.S. companies. It is clear from the results that businesses under- stand the issues that limit collaboration, but many have not made much progress in solving them. We were able to identify the “leaders” in several key metrics, including Innovation, Digital Maturity and Cybersecurity (Figure 1), and compare them with respondents as a whole to see what a typical company could learn from their approach.
Leaders are significantly more likely to be digitally and technically mature than the overall group of respondents. That maturity means they are more likely to have unified NetOps and SecOps teams, and each team is more likely to have its own budgeting and reporting structures.
Among the key findings:
• Collaboration/cooperation is important:
It was the top strategic priority among respondents.
• Those respondents identified as leaders are more likely to prioritize attracting and retaining talent, in part because they feel they have already addressed the issue of collaboration and cooperation.
• Leaders are more likely to have a unified networking and cybersecurity team in place.
• In organizations with separate teams, CISOs are more focused on collaboration around security, while CIOs and CTOs are more concerned with infrastructure innovation and design, as well as vendor evaluation and procurement.
Goals, Roles, Tool Sets and Workflows
Aligning NetOps and SecOps Teams:
Position Relative to Peers
Figure 1
While 8 out of 10 report that their organization is “leading class” in at least one of these metrics, only 21% say they are leading class for all five.
Source: WSJ Intelligence & NETSCOUT Cybersecurity Study August 2021: Base: Total respondents n=200, leaders n=42. Q. Please rate your organization’s performance in each of the following areas relative to its peers.
Above Average Leading Class
• Many respondents view a common report- ing structure as vital to unifying teams.
Companies in the leading group are ahead in this area, though nearly all respondents state their organizations have formal and integrated workflows, tools and data, deliv- ering effective collaboration.
“If you aren’t collaborating, if you’re not singing from the same song sheet, you’re going to have a lot of friction. Some tension can be good, but understanding the network is huge in the security space, so the more we can collaborate and work together, the better it is for everyone.”
— DEBBY BRIGGS, AREA VICE PRESIDENT AND CHIEF SECURITY OFFICER, NETSCOUT
Prioritizing Collaboration
Respondents understand that greater coordina- tion and collaboration are vital to improving the performance of NetOps and SecOps teams. This task is the top strategic priority for respondents (Figure 2). Improved coordination requires bet- ter workflow practices and protocols, and these must be communicated in a team vision that tells staff what they are working toward. These objectives were reported as high priorities by respondents, suggesting that alignment efforts are underway but not yet complete.
As companies work toward bridging the gap between separate and unified teams, shared tools are a key stepping stone. With such an emphasis on building an ideal team structure, developing the right workflow processes and providing basic security infrastructure, respondents overall are not able to give much attention to attracting and retaining talent, which is their lowest overall priority.
However, among leaders, who are more likely to have a unified team for both security and
the top priority, with collaboration/cooperation in fourth place. Indeed, with data from the U.S.
Bureau of Labor Statistics forecasting a contin- ued shortage of skilled IT workers—particularly in the fast-growing security field—it’s clear that attracting and retaining talent is an ongoing priority for the entire industry, and that leaders have an advantage over other businesses in being able to prioritize this.
With NetOps and SecOps working together, it’s Figure 2
Leaders Prioritize Talent and Team Vision
Source: WSJ Intelligence & NETSCOUT Cybersecurity Study August 2021: Base: Total respondents n=200, leaders n=42. Q. Please rate your organization’s performance in each of the following areas relative to its peers.
Total Leaders
Grow coordination/collaborations across organization
41%
35%
Develop/communicate team vision
35%
43%
Develop internal training to cross train/upskill
29%
29%
Securing digital/technology infrastructure
38%
36%
Seamless delivery of technology security & network ops.
33%
33%
Attracting/retaining talent
29%
45%
Ensure/develop best cybersecurity workflow protocols and practices
36%
33%
Ensure agility into digital infrastructure
30%
19%
Collaborating on digital business strategies
29%
26%
Top Strategic Imperatives Next 1 - 3 Years
keeping the team performing optimally means developing and communicating a team vision, which is the second priority for the leading group. Unlike unifying the teams, which only needs to be done once, organizational vision is something that must be constantly articulat- ed—another area where leaders appear to have an edge.
We can see what the journey to unified teams looks like by examining the workflow processes of leaders. They are more likely to align and share data across teams, provide access to appropriate collaboration tools, offer defined and collaborative workflows, and implement collaborative infrastructure design and deploy- ment. This points to a more mature level of collaboration throughout (Figure 3).
“There has to be a consolidation of tools.
The manual process of incident triage has to be confined to one platform with an integrated workflow. You need to be able to automate policies over many surfaces, identifying the same persona consistently and having an adaptable data policy that considers access, compliance and purpose-determined use of data.”
— CHRIS KISSEL, RESEARCH DIRECTOR, SECURITY &
TRUST PRODUCTS, IDC
Differing Perspectives
The need for greater collaboration is being driven by two main forces: the growth in cybersecurity threats, which is predominantly the responsibility of SecOps, and an increasingly complex network infrastructure responsible for providing critical technology services to the business, which is the domain of NetOps. A unified team needs to balance these priorities—
and it seems that this is largely being achieved by respondents. Slightly more than half of respondents prioritize service delivery over risk mitigation, but the split is close to half-and-half (Figure 4). This is true for leaders versus respon- dents as a whole and for CISOs compared with CIOs and CTOs.
Total Leaders
Figure 3
Shared Tools and Data Alignment Are High Priorities
Source: WSJ Intelligence & NETSCOUT Cybersecurity Study August 2021: Base: Total respondents n=200, leaders n=42. Q. Which of the following practices of collaboration, if any, have you implemented with your network and security teams? Please select all that apply
Collaboration Practices
Shared tools for collaboration
66%
57%
Data alignment, shared data across teams
59%
71%
Effective and efficient collaboration tools
55%
76%
Defined and efficient workflows
49%
57%
Collaborative Infrastructure design and deployment
46%
69%
Source: WSJ Intelligence & NETSCOUT Cybersecurity Study August 2021: Base: Total respondents n=200. Q. In thinking about balancing potentially competing priorities, please weigh each in terms of how you allocate your time, budget and priorities. Total must equal 100%.
Figure 4
Both CIOs/CTOs and CISOs Are Working to Maintain a Balance Between Service Delivery and Managing Risk
Service
delivery Risk
mitigation
54% 46%
Average
The different responsibilities of CISOs and CIOs/CTOs show in their collaboration prior- ities. More than half of CISOs consider the identification, investigation and remediation of cyberthreats to be the most vital area for collaboration. For their part, around one-third of CIOs and CTOs consider infrastructure innovation and design to be a major priority, compared with just one-quarter of CISOs. A similar proportion of CIOs and CTOs say that vendor evaluation and procurement are priori- ties, compared with barely a fifth of CISOs.
“Risk mitigation isn’t about saying no.
It’s about educating people on what the risks are. And more importantly, working with the IT team and the business team to figure out how we can say, ‘Yes, and here is how we do it.’ That’s the conversation that you have to have.”
— DEBBY BRIGGS, AREA VICE PRESIDENT AND CHIEF SECURITY OFFICER, NETSCOUT
Structure Matters
While important, priorities such as organization- al vision, shared software tools and common goals can’t drive integration by themselves. It’s too easy for separate departments to drift back into separate ways of working. For NetOps and SecOps to be truly aligned, many respondents believe that a common reporting structure and budgetary independence are key solutions.
Leaders have a head start in adopting this approach.
Almost 7 out of 10 leaders say that security and networking are the responsibility of a single team in their organizations, compared with less than half of respondents overall. However, in a clear indication of the importance of collab- oration, nearly all respondents say that, at the very least, they have integrated workflows, tools and data. Just 4% of respondents (and 2% of leaders) report that their alignment is merely ad
A majority of respondents say their cybersecu- rity budget is independent of overall IT budgets, with the leaders group very slightly ahead.
However, that still leaves two-fifths of overall respondents with a cybersecurity budget that is part of their overall IT budget (Figure 6). With security costs continuing to rise along with at- tacks, and IT budgets stressed by the expanding needs of the hybrid workforce, it’s easy to see why respondents see budgetary independence as a priority.
Source: WSJ Intelligence & NETSCOUT Cybersecurity Study August 2021: Base: Total respondents n=200, leaders n=42. Q. Which of the following best describes how your network and cybersecurity teams are organized and collaborate?
Figure 5
‘Leader’ Organizations Are Much More Likely to Have One Unified Networking & Cybersecurity Team
Organization of Network and Cybersecurity Teams Total Leaders
One unified team for both security and networking
45%
69%
Separate teams with formal and integrated workflows, tools, and data, delivering effective collaboration
40%
14%
Highly aligned teams with informal collaboration with some integrated workflows, tools, data
12%
14%
Separate teams with active attempt at ad hoc alignment
4%
2%
Figure 6
Close to 6 in 10 Say the Cybersecurity Budget Is Independent of Overall IT Budget
Cybersecurity Budgets Total Leaders
Independent of any IT budgets Part of overall IT Budgets
59% 62%
42% 38%
Conclusion
There is no doubt that, based on this survey, the most successful way to align NetOps and SecOps is with a unified team, but not all organizations have achieved this yet. While factors such as budgetary control and access to resources are important differentiators, the right reporting structure emerges as a key point of difference between leaders and others.
Leaders are more likely to report both unified teams and a CISO who reports directly to the CEO. This emphasizes the scale of the challenge facing many organizations. Unified teams are more efficient, but they are also better able to address their priorities if leaders control their own budgets and have a common structure for reporting to the CEO. It would be very easy for this approach to encourage silos rather than eliminate them, so it is vital to have the right leadership, tools and processes to encourage collaboration and cooperation. Once again, developing and communicating a team vision has a crucial role to play here in preventing silos from re-emerging.
Though there are challenges to negotiate, the fact that growing coordination and collabora- tion is the top priority among all respondents is a strong indication that most organizations believe it is important to remove divisions, even if many still have a long way to go.
“Security isn’t after the fact, it’s upfront,” says Mike Kelly, AVP, IT Infrastructure at NETSCOUT.
“It’s part of the architecture. It’s part of the decision-making. It’s part of operations and support. So you have to have the type of rela- tionship where there’s SecOps awareness and visibility into every project.”
“Security,” he adds, “is part of the fabric of everything we do.”
In terms of reporting, two-fifths of CISOs report to the CEO, while almost half report to the CIO or CTO (Figure 7). Organizations in the leading group are more likely to have a CISO who reports directly to the CEO. While it may seem counterintuitive that leaders are both more like- ly to have integrated NetOps and SecOps teams and more likely to have separate budgets and leadership for these teams, what’s working for leaders is a unified team in which voices from both sides are heard by the CEO and each has control of its spending. Effective collaboration doesn’t depend on one team being subservient or ancillary to the other. Instead, they are closely intertwined through workflow processes and a clear vision.
“A shared vision is everything. Right now, SecOps and NetOps people often think on different planes of reality. The NetOps team is often more aligned to the business, while SecOps is immersed in the world of threats and vulnerabilities. They need to find a middle ground.”
— SHAMUS MCGILLICUDDY, VICE PRESIDENT OF RESEARCH, NETWORKING, ENTERPRISE MANAGEMENT ASSOCIATES
Source: WSJ Intelligence & NETSCOUT Cybersecurity Study August 2021: Base: Total respondents n=200. Q. In your organization, which of the below best describes the reporting structure of your CISO?
Figure 7
Almost Half of CISOs Report to the CIO/CTO Total: CISO Reporting Structure
38%
16%
47%
CTO/CIO or equivalent CEO or equivalent Another C-Suite executive
Methodology
This report is based on an online quantitative survey conducted by WSJ Intelligence with sponsorship from NETSCOUT, fielded in August 2021.
Respondent Profile:
• 100 CIOs/CTOs and 100 CISOs.
• Industry: Banking/Financial Services 21%; Technology/Software 19%; Consumer Packaged Goods 17%;
Retail/Wholesale 14%; Insurance 11%; Transportation 10%; Energy/Utilities 9%.
• Revenue: $500 million-$999.99 million 15%; $1 billion-$4.99 billion 35%; $5 billion-$9.99 billion 23%;
$10 billion+ 27%.
Note: Numbers may not equal 100% due to rounding
About WSJ Intelligence
WSJ Intelligence conducts bespoke and secondary research for brands and client brands of The Wall Street Journal | Barron’s Group. Through rigorous analysis, WSJ Intelligence provides insights that are relevant, timely and reliable.
About NETSCOUT
NETSCOUT SYSTEMS, INC. assures digital business services against disruptions in availability, performance and security. Our market and technology leadership stems from combining our patented smart data technology with smart analytics. We provide real-time, pervasive visibility, and insights customers need to accelerate and secure their digital transformation. Our mission is protecting the global leaders of industry from the risks of disruption, allowing them to solve their most challenging network performance and security problems, ensuring the connected world runs safely and smoothly.
