Bridging the SecOps Gap
Security and Operations Teams Must Band Together to Foil Hackers
January 25, 2016

Bill Berutti
BMC

Share this

The world saw an epic number of data breaches in 2015. Reports of large-scale hacking attacks stealing everything from government secrets to children's birthdays and toy profiles were splashed across the headlines. IT executives and their teams were left to ponder – would we be next? As leaders, we need to leverage the strengths of our security and operations teams to fight back.

BMC and Forbes Insights recently surveyed executives in North America and Europe to get their perspective on their organization's overall security health and to find out what issues are critical to address. The results revealed the need for a framework organizations can use to get a solid strategy in place for improved security and compliance.

The survey showed that 97% of executives expect an increase in breach attempts in the next 12 months and 44% of executives say breaches occur even when vulnerabilities and remediation techniques are already identified. These two statistics paint a sobering image – almost half of data breaches could have been prevented.

With the threat of attacks on the rise, what causes unimplemented remediation plans to sit on the shelf? Lack of visibility between groups, lack of automation and competing priorities between groups all contribute to the issue. These three factors combine to create the "SecOps Gap."

Inconsistent approaches, manual processes and no ability to identify a threat and track its status across the lifecycle are challenges commonly faced by most organizations, and they all contribute to the gap. To address this, companies must focus on three critical elements to ensure that their security and operations teams are aligned on objectives and share accountability for the security and compliance of the organization. The three elements are People, Process and Technology.

People

A strong people strategy is the heart of an effective change management initiative. Start with setting a consistent vision for the security and operations teams. They need to see that they are interdependent and have shared goals in regard to the overall security of the organization. They need to balance these goals together with the needs of the business to be agile and reliable.

Process

The processes need to be reviewed in light of the shared goals and objectives. Repetitive, manual workflows should be evaluated to see if they are candidates for automation. Handoffs between the organizations need to be tight and provide opportunities for feedback and learning.

Technology

Technology should be deployed to facilitate the coordination and collaboration between these organizations. It is vital to be deliberate and to make sure that the technology you choose is built to solve the complete problem and not just portions of it. Many organizations implement point solutions to address the problem which fall short of addressing the complete problem.

Solutions must also be able to scale to handle the demands and complexity of your enterprise. Of the survey respondents, 60% want tools for automating corrective actions and 59% want a centralized view into vulnerabilities and remediation actions.

With 60% of survey respondents stating IT operations and security teams have only a general understanding of each other's requirements, it's clear that the SecOps Gap needs to be quickly acknowledged and addressed.

Bill Berutti is President of the Cloud, Data Center and Performance Businesses at BMC.

Share this

The Latest

June 25, 2020

I've had the opportunity to work with a number of organizations embarking on their AIOps journey. I always advise them to start by evaluating their needs and the possibilities AIOps can bring to them through five different levels of AIOps maturity. This is a strategic approach that allows enterprises to achieve complete automation for long-term success ...

June 24, 2020

Sumo Logic recently commissioned an independent market research study to understand the industry momentum behind continuous intelligence — and the necessity for digital organizations to embrace a cloud-native, real-time continuous intelligence platform to support the speed and agility of business for faster decision-making, optimizing security, driving new innovation and delivering world-class customer experiences. Some of the key findings include ...

June 23, 2020

When it comes to viruses, it's typically those of the computer/digital variety that IT is concerned about. But with the ongoing pandemic, IT operations teams are on the hook to maintain business functions in the midst of rapid and massive change. One of the biggest challenges for businesses is the shift to remote work at scale. Ensuring that they can continue to provide products and services — and satisfy their customers — against this backdrop is challenging for many ...

June 22, 2020

Teams tasked with developing and delivering software are under pressure to balance the business imperative for speed with high customer expectations for quality. In the course of trying to achieve this balance, engineering organizations rely on a variety of tools, techniques and processes. The 2020 State of Software Quality report provides a snapshot of the key challenges organizations encounter when it comes to delivering quality software at speed, as well as how they are approaching these hurdles. This blog introduces its key findings ...

June 18, 2020

For IT teams, run-the-business, commodity areas such as employee help desks, device support and communication platforms are regularly placed in the crosshairs for cost takeout, but these areas are also highly visible to employees. Organizations can improve employee satisfaction and business performance by building unified functions that are measured by employee experience rather than price. This approach will ultimately fund transformation, as well as increase productivity and innovation ...

June 17, 2020

In the agile DevOps framework, there is a vital piece missing; something that previous approaches to application development did well, but has since fallen by the wayside. That is, the post-delivery portion of the toolchain. Without continuous cloud optimization, the CI/CD toolchain still produces massive inefficiencies and overspend ...

June 16, 2020

The COVID-19 pandemic has exponentially accelerated digital transformation projects. To better understand where IT professionals are turning for help, we analyzed the online behaviors of IT decision-makers. Our research found an increase in demand for resources related to APM, microservices and dependence on cloud services ...

June 15, 2020

The rush to the public cloud has now slowed as organizations realized that it is not a "one size fits all" solution. The main issue is the lack of deep visibility into the performance of applications provided by the host. Our own research has recently revealed that 32% of public cloud resources are currently under-utilized, and without proper direction and guidance, this will remain the case ...

June 11, 2020

The global shift to working from home (WFH) enforced by COVID-19 stay-at-home orders has had a massive impact on everyone's working lives, not just in the way they remotely interact with their teams and IT systems, but also in how they spend their working days. With both governments and businesses committed to slowly opening up offices, it's increasingly clear that a high prevalence of remote work will continue throughout 2020 and beyond. This situation begets important questions ...

June 10, 2020
In recent years, with the emergence of newer technologies ranging from the cloud to machine learning, IT modernization has evolved from a replacement of end-of-life infrastructure to an enabler of innovation and business value. It is a complex process that can take months or even years, but a recent survey shows that the effort begins to deliver measurable results almost as soon as an organization executes the first steps on its roadmap ...