Security Operations is a collaboration between IT security and operations teams that integrates tools, processes, and technology to keep an enterprise secure while reducing risk.
Let’s Define SecOps
As information security teams become more important in organizations, there is often a distinct gap that arises between them and IT operations teams. Each has fundamentally different priorities, which can result in conflicting efforts and disparate tools that create inefficiencies, reduce security postures, and open up an organization to greater risks. As a case in point, the best security tools in an organization may block or shut down critical applications that are running time-sensitive operations because of a perceived harmful cyber attack.
When security and IT operations teams work more closely together in a SecOps approach, they share accountability for the priorities included in maintaining the productive state and security of their enterprise’s environment. With this proactive joint effort, there is greater visibility into security vulnerabilities throughout the organization and shared valuable information that can help resolve security issues quickly while keeping IT operations agile and fully functioning.
Years ago, before cyber attackers became a prevalent discussion in nearly every enterprise, the network perimeter was easily defined and securable. But today, that perimeter goes well beyond an organization’s firewall, and it resides in endpoints that may be in coffee shops, remote offices, and in every corner of the world. The increasing importance of protecting this new perimeter – the endpoints – is why it is so important for IT and security teams to converge and create a comprehensive security posture that does not compromise normal business operations.
So what happens when IT and security teams join forces?
Priorities merge and consolidate, ensuring that security is no longer an afterthought. It can be built into IT and application development environments from the beginning, improving the integrity of security and hardening defenses.
Communication and information are integrated, providing greater visibility and insights into vulnerabilities throughout an organization for better decision making.
Tools and technology are joined together into a single security portfolio that builds strong endpoint protection and provides optimal IT hygiene.
Security becomes proactive with consistent enterprise-wide security policies that ensure issues are resolved much faster and more precisely.
IT operations become streamlined with more effective and efficient patch deployment, fewer compliance failures, and less downtime.
Security operations are becoming increasingly complex as companies attempt to protect themselves. In fact, research from Enterprise Strategy Group (ESG) found that 72% of the organizations they surveyed found security operations were more difficult in July 2017 than two years earlier. These organizations are facing an increasingly sophisticated threat landscape, a growing volume of security alerts, and ongoing gaps in security monitoring.
Many of these issues can be minimized as security and IT operations join forces. For instance, voke surveyed companies across the globe on secure operations automation. In the companies that experienced a failed security audit, 81% admitted the failure could have been prevented by a configuration or patch. Similarly, 79% of the companies that experienced a security breach indicated it could have been avoided with a patch or configuration change.
However, it’s clear that SecOps is still evolving. Dark Reading research found that 28% of the organizations they surveyed indicated security teams are typically only brought in at the beginning of important IT projects. Only 15% say they are brought in on every new project and that their views are highly valued. For most of the rest – 54% – security teams may be consulted on a few projects or even not at all.
While adoption of a SecOps function may not be widespread, it is certainly on the horizon for many companies. A report from Forbes Insights notes that nearly half of the surveyed companies plan on combining security and operations personnel into teams for fortifying mission-critical applications. The companies that have achieved this already are experiencing significant benefits. EMA research indicates that 59% of these companies have achieved dramatic or significant benefits, with better ROI on the existing security infrastructure, and improved operation efficiencies across security and the rest of IT listed as the top two.
Physical data centers are limited by space and their reliance on hardware and equipment. Now, servers can be virtualized, where processing power and memory are separated from the hardware in a virtual machine. With data center virtualization, administrators can create a virtual data center infrastructure using remote servers to share the workload and storage. A virtual data center requires less equipment, less power, and less room than a traditional physical data center. A virtual data center can also access or “burst into” either a public or private cloud when more storage or processing resources are required. Virtual data centers are also known as software-defined data centers because all of the services they provide, including networking and storage, are delivered through software rather than hardware.
Cloud service providers can provide virtualized data centers as a service, taking over the management and delivery of a company’s core operations, networking, and storage. These providers share virtual networks, storage, and servers among several different companies, shifting storage space and workload processing among servers as needed. An organization can also use part of its own infrastructure to create a private cloud for the same purpose or use a combination of private and public clouds, which is known as a hybrid cloud environment. A virtual data center can co-exist with an existing physical data center, running in parallel, or businesses may use modern data center equipment to run a fully virtual data center. A hyperconverged infrastructure (HCI) integrates compute, storage, and networking equipment with virtualization software and optimizes it to run as a single system. With an HCI, all of the data center functions run on software that is closely integrated with the hardware. This software-driven approach enables the automation of storage tasks and operations that previously required server hardware to be manually adjusted.
Modern businesses are figuring out how to take advantage of new IoT technology that allows them to learn more about their customers and better engage them. The data collection and analysis that supports this type of research and provides an optimized customer experience requires some heavy lifting from the data center. Virtualization, HCI, and the cloud are transforming data centers, allowing them to become flexible and responsive to fluctuations in workloads in real time, and to manage larger amounts of data. Software-defined data centers can be much more cost efficient than physical data centers to build and maintain. Using a virtual data center infrastructure, especially when combined with a private or public cloud, allows businesses to save money on physical infrastructure, space, and power. Virtualized data centers also allow companies to have more flexibility in choosing their hardware since cloud-based infrastructure-as-a-service (IaaS) platforms run on a variety of different hardware. And with tiered storage plans, the cost of public cloud services is becoming more affordable. As the Internet of Things expands, and the amount of data that is generated on a daily basis increases exponentially, the scalability and processing power of virtual data centers will become more and more critical.