
SecOps: Clear opportunities for powerful collaboration

21 Feb 2019

If there’s one thing security and IT ops professionals should make a top priority this year, it is to ‘team up’.

IT security is no longer a niche aspect of IT management; it’s an all-pervasive business risk that will affect all parts of an organisation, according to Micro Focus.

While IT and security teams have traditionally kept each other at arm’s length, with a ‘forced tolerance’ for one another, now is the time for change.

“Increasing regulatory pressure from privacy laws such as Australia's notifiable data breaches (NDB) scheme and Europe’s General Data Protection Regulation (GDPR), as well as high-visibility security breaches, are driving teams to more closely coordinate their efforts in mutually-beneficial ways,” explains Micro Focus managing director Peter Fuller.

SecOps could be the way ahead and provides a way for developers and operations teams to work together. Micro Focus believes SecOps provides clear opportunities to strengthen collaboration and defend against attacks.

1. Share identity and access data

Identity and access management (IAM) responsibility is often shared by security and operations teams. According to Verizon’s 2018 Data Breach Investigations Report, compromised credentials are the top threat in security breaches, making IAM governance and control critical. Teams can use IAM data as a source of insight for security information and event management, not just to search for evidence after a breach but to identify a breach in progress in real time by alerting on unusual access patterns or abuse of privileges.

2. Establish a patch management partnership

Typically, the operations team is responsible and accountable for patch management, with security and audit providing policies and verification. This can create an adversarial mentality in which each side blames the other for any shortcomings. 

However, if patch management is seen as a partnership, challenges can be solved together. For example, security can help operations through regular re-prioritisation of vulnerabilities and, where changes are frozen, can work to provide mitigation strategies such as network segmentation or additional security monitoring. 

3. Manage the data

Database management often falls under the purview of operations, but these efforts are usually focused on maintaining the performance of the database rather than on protecting the data. However, the increased focus on data privacy and protection means these efforts need to be focused on securing data as well. Encryption is the ideal approach, and modern format-preserving encryption encrypts data without altering the data format.

4. Embrace change

It’s important to make implementing changes easier for operations in response to increased pressure from DevOps to provision faster. Security teams must, therefore, resist the urge to implement every feature of a privilege management tool on every system. Decisions around privileges must be made based on risk. 

Even better are risk-based activity controls that terminate access or step up authentication if high-risk commands are used. Automating common responses to security incidents through orchestration tools for select changes also allows a rapid reaction while minimising risk.

5. Plan and train response procedures together

SecOps teams must plan and train together to respond to cyber attacks effectively. Preparing before a breach occurs is essential to ensure a sufficient response. Operations and security must engage equally in these preparations to ensure both perspectives are accounted for and the team can work seamlessly together if a breach occurs.

“IT ops and security may struggle to find the right balance at first, but the more the two teams work together, the more seamless their collaboration will be and the more appreciation each will have for the other’s perspective. This will ultimately improve the confidentiality, integrity, and availability of IT services,” Fuller concludes.
