Skip to main content

How companies can adopt a new security strategy and break out of the NOC box

security
(Image credit: Shutterstock / Rabbit_Photo)

When did you first see a network operations center (NOC)? 

For me, it was 1983 at BBN in Cambridge. With some whiteboards, a few terminals, and a handful of chairs, it was modest compared to ones I’ve seen since–but it was also the NOC for the whole internet at the time. Even then, that significance made it a pretty cool place.  Of course, these days the idea of a NOC for the whole internet is mostly a quaint anachronism; today's internet is too complex, both technically and politically, for a single NOC to manage. It would be a mistake to think about today’s internet in terms of that NOC. 

I’ve been thinking about that first NOC because it seems like some corporate networking teams are trapped in a kind of “NOC box.” The NOC box happens when a networking team sees their network primarily through the lens of an efficient and effective NOC, where staff focus on the connections they will create among the various pieces of hardware within company locations. These behaviors are understandable: for decades, these teams have successfully run tightly controlled and physically connected systems. Over time, those networks became more and more critical to the business. But that era is over—or, at least, the trend is now moving in the opposite direction. Now, critical corporate workloads are rapidly moving offsite, accessible via cloud applications. 

But not everything needs to change. Clearly, the networks within physical office locations must function properly. These are—and will remain—crucial objectives for a networking team tasked with keeping operations running, uptime steady, and user experience agreeable. 

What’s changing, though, is that the traditional, on-premises NOC responsibilities are no longer all that networking teams need to be thinking about. In a lot of companies, the workloads completed within the business’ four walls are no longer the main event and haven’t been for a while now. Users at every level of the organization are relying on software-as-a-service (SaaS) and cloud infrastructure applications to do the core elements of their jobs, with on-prem systems taking a back seat. 

How should networking teams best adapt to this paradigm shift? 

In the typical company, people up and down the organizational chart are currently underestimating the extent to which their business has moved off-premises. The pandemic year has forced many businesses to let employees work from anywhere and has rewarded those that already prioritized mobile and cloud access capabilities.

Still, although moving workloads into the cloud is no longer a radical concept, it can be intimidating. “Cloud,” to some, is an intellectually respectable way of saying you don’t know what’s happening somewhere. In this case, it means that you no longer have control over—and maybe even don’t understand—what is happening at some stage of your workloads. That’s not an easy or natural change to make. 

CIOs who are leading the way to the new paradigm, rather than resisting the inevitable, are setting the tone for their networking teams’ transition. Networking is not just about “the network” or even “network infrastructure and operations.” Instead, it’s about connectivity and user experience. 

To the degree that connectivity requires MPLS, switching, routing, or WiFi, those topics still fall within the networking team’s purview. But the core mission needs to be connecting individuals and ensuring that those individuals can stay productive. Corporate networking professionals need to dedicate their time and energy to connecting each of the company’s users with the applications, data, and services they need to accomplish the company’s mission. The exact location where those applications, data, and services reside is irrelevant to the question of who is responsible for providing connectivity.

It’s a fundamental shift: the transition tends to be easier in industries where competitors have already embraced this new reality. The risk calculation then becomes, “Are we in trouble if we don’t do this?” (Yes.)

Tightly integrate networking and security 

But wait, there’s more. One of the most challenging aspects of the shift just mentioned is that another shift in perspective must take place alongside it: deeper networking integration with security expertise. By definition, shifting workloads off-premises means moving them outside company (on-premises) firewalls. Security is more complex in this environment. Strategies for protecting cloud-based data and applications cannot be just an afterthought, or worse, some other team’s responsibility. Instead, they must be a key consideration early on in network design and build. A hard-learned lesson in computer systems is that security is more effective when designed in, not bolted on later.

Security issues arise wherever the organization’s data goes; and however secure the data may be in some location right now, someone will want it to go elsewhere. Because of this shared destiny, it makes sense for the networking team to include a security expert and for the security team to likewise have a networking expert on staff. Some organizations may achieve this via a “hostage swap,” where the two teams literally exchange members. Both teams also need to consider fluency in the cloud whenever they’re hiring. Better yet is to actually integrate the teams—embedding combined security and networking expertise into projects, instead of trying to direct individual networking or security teams to learn the other side’s perspective in hopes of achieving balance. 

Networking and security professionals alike should view security from the user level. They will increasingly need to work together to figure out how to securely connect the organization’s users with the applications and services they need. In many organizations, this will require a zero-trust approach: each user must be validated as legitimate and authorized to access each specific application or other resources, instead of making broad inside/outside, safe/unsafe network-level decisions. 

Such an integrated approach is unlikely to emerge from separate networking and security silos. The IT transformation that 2020 accelerated has emphasized something IT leaders have known, conceptually, for years: Collaboration between, and even convergence of, the two teams will be key to the new networking paradigm that breaks out of the NOC box.

Mark Day, Chief Scientist, Netskope

Mark Day is Chief Scientist at Netskope and brings a diverse background to his role, where he combines his interests in competitive analysis and technology strategy. He is author of the book Bits to Bitcoin: How Our Digital Stuff Works. He has more than thirty patented inventions, and has taught at both MIT and Harvard.