Bridging the SecOps Gap

Security and Operations Teams Must Band Together to Foil Hackers
Bill Berutti
Learn more about BMC

The world saw an epic number of data breaches in 2015. Reports of large-scale hacking attacks stealing everything from government secrets to children's birthdays and toy profiles were splashed across the headlines. IT executives and their teams were left to ponder – would we be next? As leaders, we need to leverage the strengths of our security and operations teams to fight back.

BMC and Forbes Insights recently surveyed executives in North America and Europe to get their perspective on their organization's overall security health and to find out what issues are critical to address. The results revealed the need for a framework organizations can use to get a solid strategy in place for improved security and compliance.

The survey showed that 97% of executives expect an increase in breach attempts in the next 12 months and 44% of executives say breaches occur even when vulnerabilities and remediation techniques are already identified. These two statistics paint a sobering image – almost half of data breaches could have been prevented.

With the threat of attacks on the rise, what causes unimplemented remediation plans to sit on the shelf? Lack of visibility between groups, lack of automation and competing priorities between groups all contribute to the issue. These three factors combine to create the "SecOps Gap."

Inconsistent approaches, manual processes and no ability to identify a threat and track its status across the lifecycle are challenges commonly faced by most organizations, and they all contribute to the gap. To address this, companies must focus on three critical elements to ensure that their security and operations teams are aligned on objectives and share accountability for the security and compliance of the organization. The three elements are People, Process and Technology.

People

A strong people strategy is the heart of an effective change management initiative. Start with setting a consistent vision for the security and operations teams. They need to see that they are interdependent and have shared goals in regard to the overall security of the organization. They need to balance these goals together with the needs of the business to be agile and reliable.

Process

The processes need to be reviewed in light of the shared goals and objectives. Repetitive, manual workflows should be evaluated to see if they are candidates for automation. Handoffs between the organizations need to be tight and provide opportunities for feedback and learning.

Technology

Technology should be deployed to facilitate the coordination and collaboration between these organizations. It is vital to be deliberate and to make sure that the technology you choose is built to solve the complete problem and not just portions of it. Many organizations implement point solutions to address the problem which fall short of addressing the complete problem.

Solutions must also be able to scale to handle the demands and complexity of your enterprise. Of the survey respondents, 60% want tools for automating corrective actions and 59% want a centralized view into vulnerabilities and remediation actions.

With 60% of survey respondents stating IT operations and security teams have only a general understanding of each other's requirements, it's clear that the SecOps Gap needs to be quickly acknowledged and addressed.

Bill Berutti is President of the Cloud, Data Center and Performance Businesses at BMC.

Related Links

Hot Topics

Related Vendors

The Latest

Manufacturing Organizations Doubled AI Investment Yet Only 37% Fully Prepared to Operationalize AI

While 87% of manufacturing leaders and technical specialists report that ROI from their AIOps initiatives has met or exceeded expectations, only 37% say they are fully prepared to operationalize AI at scale, according to The Future of IT Operations in the AI Era, a report from Riverbed ...

Optimizing Decisions with Edge-First Cognitive Intelligence

Many organizations rely on cloud-first architectures to aggregate, analyze, and act on their operational data ... However, not all environments are conducive to cloud-first architectures ... There are limitations to cloud-first architectures that render them ineffective in mission-critical situations where responsiveness, cost control, and data sovereignty are non-negotiable; these limitations include ...

The New Perimeter Is the User: Why Identity Is the Real Network Edge

For years, cybersecurity was built around a simple assumption: protect the physical network and trust everything inside it. That model made sense when employees worked in offices, applications lived in data centers, and devices rarely left the building. Today's reality is fluid: people work from everywhere, applications run across multiple clouds, and AI-driven agents are beginning to act on behalf of users. But while the old perimeter dissolved, a new one quietly emerged ...

When AI Infrastructure Stops Behaving Like Infrastructure

For years, infrastructure teams have treated compute as a relatively stable input. Capacity was provisioned, costs were forecasted, and performance expectations were set based on the assumption that identical resources behaved identically. That mental model is starting to break down. AI infrastructure is no longer behaving like static cloud capacity. It is increasingly behaving like a market ...

Enterprise Resilience: Understanding the Shift from Static to Dynamic

Resilience can no longer be defined by how quickly an organization recovers from an incident or disruption. The effectiveness of any resilience strategy is dependent on its ability to anticipate change, operate under continuous stress, and adapt confidently amid uncertainty ...

Mobile Users Expect Perfection in 2026

Mobile users are less tolerant of app instability than ever before. According to a new report from Luciq, No Margin for Error: What Mobile Users Expect and What Mobile Leaders Must Deliver in 2026, even minor performance issues now result in immediate abandonment, lost purchases, and long-term brand impact ...

AI Confidence Is High. Readiness Is Not. What the Data Tells Us - and Why It Matters

Artificial intelligence (AI) has become the dominant force shaping enterprise data strategies. Boards expect progress. Executives expect returns. And data leaders are under pressure to prove that their organizations are "AI-ready" ...

Agentic AI, Realistic Expectations and the Future of IT Operations in 2026

Agentic AI is a major buzzword for 2026. Many tech companies are making bold promises about this technology, but many aren't grounded in reality, at least not yet. This coming year will likely be shaped by reality checks for IT teams, and progress will only come from a focus on strong foundations and disciplined execution ...

Trust, But Verify: Building Confidence in AI Through Human Oversight

AI systems are still prone to hallucinations and misjudgments ... To build the trust needed for adoption, AI must be paired with human-in-the-loop (HITL) oversight, or checkpoints where humans verify, guide, and decide what actions are taken. The balance between autonomy and accountability is what will allow AI to deliver on its promise without sacrificing human trust ...

Data Centers Plan to Reduce Reliance on Grid

More data center leaders are reducing their reliance on utility grids by investing in onsite power for rapidly scaling data centers, according to the Data Center Power Report from Bloom Energy ...

Bridging the SecOps Gap

Security and Operations Teams Must Band Together to Foil Hackers
Bill Berutti
Learn more about BMC

The world saw an epic number of data breaches in 2015. Reports of large-scale hacking attacks stealing everything from government secrets to children's birthdays and toy profiles were splashed across the headlines. IT executives and their teams were left to ponder – would we be next? As leaders, we need to leverage the strengths of our security and operations teams to fight back.

BMC and Forbes Insights recently surveyed executives in North America and Europe to get their perspective on their organization's overall security health and to find out what issues are critical to address. The results revealed the need for a framework organizations can use to get a solid strategy in place for improved security and compliance.

The survey showed that 97% of executives expect an increase in breach attempts in the next 12 months and 44% of executives say breaches occur even when vulnerabilities and remediation techniques are already identified. These two statistics paint a sobering image – almost half of data breaches could have been prevented.

With the threat of attacks on the rise, what causes unimplemented remediation plans to sit on the shelf? Lack of visibility between groups, lack of automation and competing priorities between groups all contribute to the issue. These three factors combine to create the "SecOps Gap."

Inconsistent approaches, manual processes and no ability to identify a threat and track its status across the lifecycle are challenges commonly faced by most organizations, and they all contribute to the gap. To address this, companies must focus on three critical elements to ensure that their security and operations teams are aligned on objectives and share accountability for the security and compliance of the organization. The three elements are People, Process and Technology.

People

A strong people strategy is the heart of an effective change management initiative. Start with setting a consistent vision for the security and operations teams. They need to see that they are interdependent and have shared goals in regard to the overall security of the organization. They need to balance these goals together with the needs of the business to be agile and reliable.

Process

The processes need to be reviewed in light of the shared goals and objectives. Repetitive, manual workflows should be evaluated to see if they are candidates for automation. Handoffs between the organizations need to be tight and provide opportunities for feedback and learning.

Technology

Technology should be deployed to facilitate the coordination and collaboration between these organizations. It is vital to be deliberate and to make sure that the technology you choose is built to solve the complete problem and not just portions of it. Many organizations implement point solutions to address the problem which fall short of addressing the complete problem.

Solutions must also be able to scale to handle the demands and complexity of your enterprise. Of the survey respondents, 60% want tools for automating corrective actions and 59% want a centralized view into vulnerabilities and remediation actions.

With 60% of survey respondents stating IT operations and security teams have only a general understanding of each other's requirements, it's clear that the SecOps Gap needs to be quickly acknowledged and addressed.

Bill Berutti is President of the Cloud, Data Center and Performance Businesses at BMC.

Related Links

Hot Topics

Related Vendors

The Latest

Manufacturing Organizations Doubled AI Investment Yet Only 37% Fully Prepared to Operationalize AI

While 87% of manufacturing leaders and technical specialists report that ROI from their AIOps initiatives has met or exceeded expectations, only 37% say they are fully prepared to operationalize AI at scale, according to The Future of IT Operations in the AI Era, a report from Riverbed ...

Optimizing Decisions with Edge-First Cognitive Intelligence

Many organizations rely on cloud-first architectures to aggregate, analyze, and act on their operational data ... However, not all environments are conducive to cloud-first architectures ... There are limitations to cloud-first architectures that render them ineffective in mission-critical situations where responsiveness, cost control, and data sovereignty are non-negotiable; these limitations include ...

The New Perimeter Is the User: Why Identity Is the Real Network Edge

For years, cybersecurity was built around a simple assumption: protect the physical network and trust everything inside it. That model made sense when employees worked in offices, applications lived in data centers, and devices rarely left the building. Today's reality is fluid: people work from everywhere, applications run across multiple clouds, and AI-driven agents are beginning to act on behalf of users. But while the old perimeter dissolved, a new one quietly emerged ...

When AI Infrastructure Stops Behaving Like Infrastructure

For years, infrastructure teams have treated compute as a relatively stable input. Capacity was provisioned, costs were forecasted, and performance expectations were set based on the assumption that identical resources behaved identically. That mental model is starting to break down. AI infrastructure is no longer behaving like static cloud capacity. It is increasingly behaving like a market ...

Enterprise Resilience: Understanding the Shift from Static to Dynamic

Resilience can no longer be defined by how quickly an organization recovers from an incident or disruption. The effectiveness of any resilience strategy is dependent on its ability to anticipate change, operate under continuous stress, and adapt confidently amid uncertainty ...

Mobile Users Expect Perfection in 2026

Mobile users are less tolerant of app instability than ever before. According to a new report from Luciq, No Margin for Error: What Mobile Users Expect and What Mobile Leaders Must Deliver in 2026, even minor performance issues now result in immediate abandonment, lost purchases, and long-term brand impact ...

AI Confidence Is High. Readiness Is Not. What the Data Tells Us - and Why It Matters

Artificial intelligence (AI) has become the dominant force shaping enterprise data strategies. Boards expect progress. Executives expect returns. And data leaders are under pressure to prove that their organizations are "AI-ready" ...

Agentic AI, Realistic Expectations and the Future of IT Operations in 2026

Agentic AI is a major buzzword for 2026. Many tech companies are making bold promises about this technology, but many aren't grounded in reality, at least not yet. This coming year will likely be shaped by reality checks for IT teams, and progress will only come from a focus on strong foundations and disciplined execution ...

Trust, But Verify: Building Confidence in AI Through Human Oversight

AI systems are still prone to hallucinations and misjudgments ... To build the trust needed for adoption, AI must be paired with human-in-the-loop (HITL) oversight, or checkpoints where humans verify, guide, and decide what actions are taken. The balance between autonomy and accountability is what will allow AI to deliver on its promise without sacrificing human trust ...

Data Centers Plan to Reduce Reliance on Grid

More data center leaders are reducing their reliance on utility grids by investing in onsite power for rapidly scaling data centers, according to the Data Center Power Report from Bloom Energy ...