Bridging the SecOps Gap
Security and Operations Teams Must Band Together to Foil Hackers
January 25, 2016

Bill Berutti
BMC

Share this

The world saw an epic number of data breaches in 2015. Reports of large-scale hacking attacks stealing everything from government secrets to children's birthdays and toy profiles were splashed across the headlines. IT executives and their teams were left to ponder – would we be next? As leaders, we need to leverage the strengths of our security and operations teams to fight back.

BMC and Forbes Insights recently surveyed executives in North America and Europe to get their perspective on their organization's overall security health and to find out what issues are critical to address. The results revealed the need for a framework organizations can use to get a solid strategy in place for improved security and compliance.

The survey showed that 97% of executives expect an increase in breach attempts in the next 12 months and 44% of executives say breaches occur even when vulnerabilities and remediation techniques are already identified. These two statistics paint a sobering image – almost half of data breaches could have been prevented.

With the threat of attacks on the rise, what causes unimplemented remediation plans to sit on the shelf? Lack of visibility between groups, lack of automation and competing priorities between groups all contribute to the issue. These three factors combine to create the "SecOps Gap."

Inconsistent approaches, manual processes and no ability to identify a threat and track its status across the lifecycle are challenges commonly faced by most organizations, and they all contribute to the gap. To address this, companies must focus on three critical elements to ensure that their security and operations teams are aligned on objectives and share accountability for the security and compliance of the organization. The three elements are People, Process and Technology.

People

A strong people strategy is the heart of an effective change management initiative. Start with setting a consistent vision for the security and operations teams. They need to see that they are interdependent and have shared goals in regard to the overall security of the organization. They need to balance these goals together with the needs of the business to be agile and reliable.

Process

The processes need to be reviewed in light of the shared goals and objectives. Repetitive, manual workflows should be evaluated to see if they are candidates for automation. Handoffs between the organizations need to be tight and provide opportunities for feedback and learning.

Technology

Technology should be deployed to facilitate the coordination and collaboration between these organizations. It is vital to be deliberate and to make sure that the technology you choose is built to solve the complete problem and not just portions of it. Many organizations implement point solutions to address the problem which fall short of addressing the complete problem.

Solutions must also be able to scale to handle the demands and complexity of your enterprise. Of the survey respondents, 60% want tools for automating corrective actions and 59% want a centralized view into vulnerabilities and remediation actions.

With 60% of survey respondents stating IT operations and security teams have only a general understanding of each other's requirements, it's clear that the SecOps Gap needs to be quickly acknowledged and addressed.

Bill Berutti is President of the Cloud, Data Center and Performance Businesses at BMC.

Share this

The Latest

February 22, 2018

Everyone wants to talk about how analytics is the future of network engineering and operations. The phrase "network analytics" is used by vendors of various stripes to imply that a particular technology is smarter and better than the average solution. But what is it? What does the term network analytics mean to the enterprise network infrastructure professionals? ...

February 21, 2018

Three out of four (76%) of organizations think IT complexity could soon make it impossible to manage digital performance efficiently, according to the Top Challenges Facing CIOs in a Cloud-Native World report from Dynatrace ...

February 20, 2018

The Global CIO Point of View report compiled by ServiceNow notes that 89 percent of organizations are either in the planning stages or are already taking advantage of machine learning. Nearly 90 percent of the CIOs surveyed anticipate that increasing automation will increase the speed and accuracy of decisions, and more than two-thirds believe that decisions made by machines will be more accurate than human-made decisions ...

February 16, 2018

The enterprise WAN is unable to keep up with digital transformation demands, according to Foundation for Digital Transformation, a new research report, authored by Ensemble IQ and supported by InfoVista. This challenge was universal across all three vertical industries surveyed — retail, manufacturing, and banking/financial services ...

February 15, 2018

Achieving optimum Java Virtual Machine (JVM) performance is key to ensuring proper memory management and fast application processing. According to a Cornell University study, a 1-millisecond improvement in the performance of a trading application can be worth $100 million a year to a major brokerage firm. Because of this potential for loss, IT teams owning banking, financial, trading and other Java-based applications place a high value on having a proper JVM monitoring strategy in place ...

February 13, 2018

APM had to evolve to keep pace with development velocity and maintain the service quality for the modern applications born out of digital transformation. Automation and artificial intelligence (AI) technologies are critical to the next step in APM evolution, helping to address speed, scalability and intelligence demands ...

February 12, 2018

A worldwide survey by Gartner, Inc. showed that 91 percent of organizations have not yet reached a "transformational" level of maturity in data and analytics, despite this area being a number one investment priority for CIOs in recent years ...

February 09, 2018

Mobile app performance is still a significant issue. In a new report from PacketZoom, The Effect of Mobile Network Performance on Mobile App Users, 66% of consumers said reliable mobile app performance is "very important" — second only to mobile app security ...

February 07, 2018

IT departments that shift from reactionary fire fighters to becoming proactive business partners find their ticket counts reduced from 20 to 50 percent or more. The strategies outlined in Part 1 of this blog may all sound like a great way to turn IT into a strategic, proactive business-enabler, but how can companies turn strategy into reality? The following are three best practices ...