Security Operations is a collaboration between IT security and operations teams that integrates tools, processes, and technology to keep an enterprise secure while reducing risk.
Let’s Define SecOps
As information security teams become more important in organizations, a distinct gap often arises between them and IT operations teams. Each has fundamentally different priorities, which can result in conflicting efforts and disparate tools that create inefficiencies, weaken security posture, and open up an organization to greater risks. As a case in point, the best security tools in an organization may block or shut down critical applications that are running time-sensitive operations because of a perceived harmful cyber attack.
When security and IT operations teams work more closely together in a SecOps approach, they share accountability for the priorities included in maintaining the productive state and security of their enterprise’s environment. With this proactive joint effort, there is greater visibility into security vulnerabilities throughout the organization, and the teams share valuable information that can help resolve security issues quickly while keeping IT operations agile and fully functioning.
Years ago, before cyber attackers became a prevalent discussion in nearly every enterprise, the network perimeter was easily defined and securable. But today, that perimeter goes well beyond an organization’s firewall, and it resides in endpoints that may be in coffee shops, remote offices, and in every corner of the world. The increasing importance of protecting this new perimeter – the endpoints – is why it is so important for IT and security teams to converge and create a comprehensive security posture that does not compromise normal business operations.
Security operations are becoming increasingly complex as companies attempt to protect themselves. In fact, research from Enterprise Strategy Group (ESG) found that 72% of the organizations it surveyed considered security operations more difficult in July 2017 than two years earlier. These organizations are facing an increasingly sophisticated threat landscape, a growing volume of security alerts, and ongoing gaps in security monitoring.
Many of these issues can be minimized as security and IT operations join forces. For instance, voke surveyed companies across the globe on secure operations automation. In the companies that experienced a failed security audit, 81% admitted the failure could have been prevented by a configuration or patch. Similarly, 79% of the companies that experienced a security breach indicated it could have been avoided with a patch or configuration change.
However, it’s clear that SecOps is still evolving. Dark Reading research found that 28% of the organizations they surveyed indicated security teams are typically only brought in at the beginning of important IT projects. Only 15% say they are brought in on every new project and that their views are highly valued. For most of the rest – 54% – security teams may be consulted on a few projects or even, not all.
While adoption of a SecOps function may not be widespread, it is certainly on the horizon for many companies. A report from Forbes Insights notes that nearly half of the surveyed companies plan on combining security and operations personnel into teams for fortifying mission-critical applications. The companies that have achieved this already are experiencing significant benefits. EMA research indicates that 59% of these companies have achieved dramatic or significant benefits, with better ROI on the existing security infrastructure and improved operational efficiencies across security and the rest of IT listed as the top two.
The cloud is a powerful tool when it comes to securing your company’s endpoints. Moving SecOps to the cloud can enhance your security even more, as a collaborative cloud-powered approach allows you to:
Execute a broad range of operational activities quickly, confidently, on-demand
Establish proactive IT hygiene to prevent attacks
Build consistency into operational reporting and auditing processes
Remove barriers between security analysis and IT operations
Extend investigation and remediation capabilities
Replace ad hoc scripts and tasks with a structured SecOps platform