Bridging the SecOps Gap
Security and Operations Teams Must Band Together to Foil Hackers
January 25, 2016

Bill Berutti
BMC

Share this

The world saw an epic number of data breaches in 2015. Reports of large-scale hacking attacks stealing everything from government secrets to children's birthdays and toy profiles were splashed across the headlines. IT executives and their teams were left to ponder – would we be next? As leaders, we need to leverage the strengths of our security and operations teams to fight back.

BMC and Forbes Insights recently surveyed executives in North America and Europe to get their perspective on their organization's overall security health and to find out what issues are critical to address. The results revealed the need for a framework organizations can use to get a solid strategy in place for improved security and compliance.

The survey showed that 97% of executives expect an increase in breach attempts in the next 12 months and 44% of executives say breaches occur even when vulnerabilities and remediation techniques are already identified. These two statistics paint a sobering image – almost half of data breaches could have been prevented.

With the threat of attacks on the rise, what causes unimplemented remediation plans to sit on the shelf? Lack of visibility between groups, lack of automation and competing priorities between groups all contribute to the issue. These three factors combine to create the "SecOps Gap."

Inconsistent approaches, manual processes and no ability to identify a threat and track its status across the lifecycle are challenges commonly faced by most organizations, and they all contribute to the gap. To address this, companies must focus on three critical elements to ensure that their security and operations teams are aligned on objectives and share accountability for the security and compliance of the organization. The three elements are People, Process and Technology.

People

A strong people strategy is the heart of an effective change management initiative. Start with setting a consistent vision for the security and operations teams. They need to see that they are interdependent and have shared goals in regard to the overall security of the organization. They need to balance these goals together with the needs of the business to be agile and reliable.

Process

The processes need to be reviewed in light of the shared goals and objectives. Repetitive, manual workflows should be evaluated to see if they are candidates for automation. Handoffs between the organizations need to be tight and provide opportunities for feedback and learning.

Technology

Technology should be deployed to facilitate the coordination and collaboration between these organizations. It is vital to be deliberate and to make sure that the technology you choose is built to solve the complete problem and not just portions of it. Many organizations implement point solutions to address the problem which fall short of addressing the complete problem.

Solutions must also be able to scale to handle the demands and complexity of your enterprise. Of the survey respondents, 60% want tools for automating corrective actions and 59% want a centralized view into vulnerabilities and remediation actions.

With 60% of survey respondents stating IT operations and security teams have only a general understanding of each other's requirements, it's clear that the SecOps Gap needs to be quickly acknowledged and addressed.

Bill Berutti is President of the Cloud, Data Center and Performance Businesses at BMC.

Share this

The Latest

June 13, 2019

Establishing a digital business is top-of-mind, even more so than last year, as 91% of organizations have adopted or have plans to adopt a digital-first strategy, according to IDG Communications Digital Business Research ...

June 12, 2019

If digital transformation is to succeed at the pace enterprises demand, IT teams, the CIOs who lead them, and the boardroom must forge a far greater alignment than presently exists. That is the over-arching sentiment expressed by IT professionals in a recent survey on the state of IT infrastructure and roadblocks to digital success ...

June 11, 2019

Given the incredible amount of traffic traversing corporate WANs, it's not surprising that businesses are seeing performance issues. If anything, it's amazing applications work as well as they do ...

June 10, 2019

Are your business applications sluggish? Choppy? Prone to getting hung up or crashing at the most inopportune times? If these symptoms sound familiar, you might be suffering from the heartache of … poor application performance. Stop me if any of this sounds familiar ...

June 06, 2019
AIOps Exchange, a not-for-profit private forum defining the future of AIOps, published <span style="font-style: italic;">The AIOps Manifesto</span> discussing the role of AI in supporting digital transformation ...
June 05, 2019

As network transformation initiatives like SD-WAN, edge computing and public/private clouds are adopted at increasing rates, hybrid networks are quickly becoming the new normal for IT and NetOps professionals.Without visibility into these hybrid network environments, NetOps are unable to troubleshoot the business-critical applications every organization relies on today. Here are four ways IT and NetOps teams can gain better visibility into complex, hybrid networks ...

June 04, 2019

A minimum Internet Performance Bar exists that, if met, should deliver top-tier website performance, regardless of industry, according to the 2019 Digital Experience Performance Benchmark Report, from ThousandEyes, a comparative analysis of web, infrastructure and network performance metrics from the top 20 US digital retail, travel and media websites ...

June 03, 2019

Since digital transformation is happening at such a rapid pace based on new, highly complex technologies like multi-cloud, containers and microservice architectures, customers are experiencing more challenges than ever in managing this complexity. However, with every challenge comes an opportunity. So, how can channel partners leverage these market disruptions to open the door to opportunity? The answer is simple ...

May 30, 2019

Executives from proactive organizations reported using performance management strategies to deliver innovation and meet broader business goals, and implementing application performance management (APM) tools with advanced monitoring features such as real-time user experience monitoring, and providing a composite view of log and performance data, according to Driving Business Performance Through Application Performance Management, a new report from GigaOm ...

May 29, 2019

Through our recent study, we wanted to better understand how service desk users are interacting with the service teams; how they connect for service; the manner in which most service desks receive user requests; and if organizations employ a knowledge base and how that information might be stored. Here’s what we’ve discovered ...