Change is coming, but can networking and security get their act together?
For an industry built on innovation, it can be surprising how many barriers there are to IT progress. The mix of products and services has led to enormous technical debt that can complicate even the simplest decision. As enterprises double down on cloud and AI, the challenges only become bigger, particularly as security teams face new threats across an expanded attack surface.
To find a way through this impasse, Cato Networks recently convened a group of 15 like-minded security leaders with skin in the game.
Kicking off an evening of robust discussion as only RANT knows how, Cato Networks VP Northern Europe & MEA, Kanwar Loyal, articulated the challenge facing NetOps and SecOps teams.
“Only 10-15 years ago, everything was point products, on-premises and best of breed. We created complexity that’s actually now causing a problem,” he said. “We consume technology very differently now. We’ve seen an inflexion around traditional networking and security. Enterprises want to consume network and security services exactly the way they’re consuming other SaaS-based applications.”
The first task for CISOs hoping to embark on this journey is to break down traditional silos that exist between security and networking.
It’s good to talk
Our speaker for the evening, Grant Thornton UK Head of IT Security, John Dunne, highlighted the scale of the challenge. A show of hands revealed that four security leaders around the table had discussions with their network team in the previous fortnight about the need for a holistic security approach.
“My network team recognise the size of the challenge,” he admitted. “But it is a continual process to bring all of the disparate streams on-board so they understand what we are trying to achieve.”
Silo-isation can be one of the reasons preventing departments from working harmoniously together. One security leader suggested a reason why the walls between both functions are so hard to break down. Networking teams traditionally focus on availability, while their security counterparts are more bothered about confidentiality and integrity. “When they say ‘no’, it’s not because they think you’re horrible, it’s because they’re worried you will break something,” he argued.
Another factor is that networking is becoming increasingly marginalised in some organisations as more infrastructure moves to the cloud. One attendee explained that if he wants to talk about cloud services, he speaks to the DevOps team. “The cloud isn’t a network-supported entity,” he added.
So how can security leaders evolve the relationship to a more collaborative one? One CISO shared that he built trust with his networking team because he had previously worked as an engineer installing routers and switches. “It’s about demonstrating that trust and understanding what an engineer goes through,” he said.
Another claimed “friction doesn’t exist” in his organisation because he has had “grown up conversations” about who is responsible for what, and all functions understand there will inevitably be overlaps. Ultimately, they know that “if we don’t work together we’re going to fall apart”, he explained.
Skills, silos and budgets
Technology can also play a role in spanning the network-security divide. For Cato Networks, Secure Access Service Edge (SASE) platforms can be the ideal bridge between the two, by converging networking and security functions in a unified cloud-delivered service. So why aren’t more organisations embracing it? Budget constraints were cited by many around the table, as was the perceived threat that SASE may pose to traditional teams.
Skills gaps were also mentioned by several CISOs as a challenge, especially as organisations build out their cloud infrastructure.
One opined that even cloud engineers “still need to understand” the networking basics. Another, who is the security lead at a cloud-centric organisation, admitted “that’s where we come unstuck”. She shared that she has product security engineers, cloud security engineers and IT engineers, but no network engineers, because “we don’t have a network, we have a mesh of interconnected cloud services and SaaS.” She urged her peers around the table: “Don’t let go of all your network security engineers.”
Basic networking skills are especially vital in a modern SASE environment given the shared responsibility model for managing cloud security.
“It’s a nice way of saying, ‘we’ll do a bit of it then over to you guys’,” explained one CISO. “The problem is finding people that have the experience – finding enough people that know about these things. Because with the shared responsibility model, if you mess up in the way you’ve configured your cloud, it’s your fault.”
Starting the journey
Whatever the challenges, change is coming, according to Cato Networks’ Loyal. “There’s always been change,” he argued. “Today’s innovation becomes tomorrow’s commodity. All of us are being driven by change, but we’re being stuck with traditional constraints.”
Traditional mindsets can actively harm an organisation, one attendee warned. “The castle and moat thing is no more,” he said. “But there is still a bit of clinging on to that. It’s a bit dangerous … because all the sensitive stuff is in Workday and Salesforce, not inside [the corporate network].”
This new world of distributed workforces and multi/hybrid cloud environments is one that Zero Trust and SASE were built for. Both require multi-year transformation journeys that put some IT leaders off. But Cato Networks’ Loyal was keen to point out that SASE can be split into more manageable, modular projects depending on which use cases are most urgent.
Even then, plans are often scuppered by unrealistic expectations about time to value, and a desire for a uniform approach that will cover even “niche and edge cases”, attendees argued.
To leap these obstacles, security leaders will need to learn how to speak the language of networking as well as the business, in order to win hearts and minds. One CISO spoke of the need to manage expectations with the board. “Take small steps to win people’s confidence, and the rest will fall into place,” he added.
Another signalled the importance of covering third-party risk in any SASE/Zero Trust discussions, as these are often the edge cases that can make or break a project.
Time for change
Whatever happens, sticking with the status quo is not an option.
“Everyone round this table wants to deliver connectivity, security, control and visibility to every edge and identity,” concluded Loyal. “It needs to be seamless. But how do I deliver a service for the business that accelerates the way the business wants to go?”
SASE may well be the destination. But CISOs will need to think carefully about how they start their journey.