I served in the U.S. Navy Reserves for many years helping to gather intelligence on our nation’s enemies and protecting the security of our systems and networks. One of the first lessons you learn in the Navy is that teamwork is everything. A mission cannot be successfully executed unless the team is functioning as one, and it’s a lesson that corresponds closely with the daily requirements of the business world. I was reminded of this recently as I was thinking about how security and operations teams within an organization operate.
Enterprise security and IT operations teams (SecOps) have traditionally been considered separate functions, which often makes it more difficult to quickly identify and respond to potential vulnerabilities. Given the steady stream of high-profile breaches we’ve seen, like Home Depot and Sony, coupled with larger, more complex IT environments, new regulatory standards, and rising penalties for non-compliance, it’s critical that these two functions collaborate in order to accelerate remediation efforts and ensure the security and compliance of the organization.
Who’s Responsible for What?
The model for how these two teams are meant to function is pretty textbook. The security teams are ultimately responsible for defining the policies and strategies to identify and remediate vulnerabilities within their networks. The technical operations teams are responsible for executing the policy and strategy, and the internal risk and audit teams monitor these functions to ensure they are meeting corporate and regulatory requirements. Seems simple, right? Well, not exactly.
The reality of how these teams collaborate is much more challenging and can seem like the ultimate domino effect. Several factors contribute to this, including:
• Tasks are performed by hand or with point solutions – many SecOps teams use siloed tools to perform infrequent manual audits to assess security and compliance issues, then remediate the issues by hand. This can be a slow, error-filled process.
• Integration is non-existent – the use of siloed tools in turn means security and operations aren’t sharing or integrating data across teams and other departments, further segmenting the functions of these teams.
• Audit-only security scanning tools lack closed loop compliance – many of the security audit tools available today lack integrated remediation capabilities (closed loop compliance). This disconnected approach can double the time it takes for even basic vulnerability assessment and remediation tasks.
Closing the Gap
So how do you close the SecOps gap within your organization? There has to be a fundamental shift in thinking about how organizations efficiently achieve risk, governance and compliance. In addition, there has to be an understanding of the goals of both the security and IT operations teams. Each group has a vested interest in the organization and ultimately wants to do the right thing, but each needs to understand the other’s roles and challenges in order to change. And speaking of change, it’s inevitable that unforeseen things are going to happen. It’s important to be flexible to change in order to efficiently address potential threats. Sharing data across teams with shared tools will help greatly with this. Lastly, consider deploying an integrated intelligence solution that continuously automates compliance tasks to lower the cost of audit and compliance, reduce risk and enable efficient collaboration between security compliance and operations teams.
By putting teamwork front and center of your security and IT operations, you’ll be able to speed remediation, reduce the time and cost required to conduct audits, reduce the risk of change and ultimately start to close the SecOps gap.