SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
IT security is no longer a niche aspect of IT management; it is an all-pervasive business risk that will affect all parts of an organisation, according to Micro Focus.
While IT and security teams have traditionally kept each other at arm’s length, with a ‘forced tolerance’ for one another, now is the time for change.
“Increasing regulatory pressure from privacy laws such as Australia's notifiable data breaches (NDB) scheme and Europe’s General Data Protection Regulation (GDPR), as well as high-visibility security breaches, are driving teams to more closely coordinate their efforts in mutually-beneficial ways,” explains Micro Focus managing director Peter Fuller.
SecOps could be the way ahead, providing a way for developers and operations teams to work together. Micro Focus believes SecOps provides clear opportunities to strengthen collaboration and defend against attacks.
1. Share identity and access data
Identity and access management (IAM) responsibility is often shared by security and operations teams. According to Verizon’s 2018 Data Breach Investigations Report, compromised credentials are the top threat in security breaches, making IAM governance and control critical. Teams can use IAM data as a source of insight for security information and event management, not just to search for evidence after a breach but to identify a breach in progress in real time by alerting on unusual access patterns or abuse of privileges.
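As an added illustration of the real-time alerting described above (example code, not from the article or from Micro Focus), the following Python reads constructed IAM events in JSON-lines form and flags successful logins from outside an assumed corporate network, logins outside assumed business hours, a burst of failed logins followed by a success, and privileged actions by users outside an assumed admin list. The event field names, network ranges, hours and user lists are all assumptions; in practice they would come from the identity provider's log schema and the IAM/CMDB baselines the two teams share.

```python
import json
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample IAM events (not from the article), one JSON object per line.
SAMPLE_EVENTS = """\
{"ts":"2018-05-01T09:02:11Z","user":"alice","src_ip":"10.0.1.20","action":"login","result":"success"}
{"ts":"2018-05-01T23:41:05Z","user":"alice","src_ip":"203.0.113.9","action":"login","result":"success"}
{"ts":"2018-05-01T23:42:10Z","user":"alice","src_ip":"203.0.113.9","action":"role_assume","result":"success"}
{"ts":"2018-05-01T10:00:00Z","user":"bob","src_ip":"10.0.1.31","action":"login","result":"failure"}
{"ts":"2018-05-01T10:00:05Z","user":"bob","src_ip":"10.0.1.31","action":"login","result":"failure"}
{"ts":"2018-05-01T10:00:09Z","user":"bob","src_ip":"10.0.1.31","action":"login","result":"failure"}
{"ts":"2018-05-01T10:00:20Z","user":"bob","src_ip":"10.0.1.31","action":"login","result":"success"}
"""

# Assumed baselines (normally derived from IAM/CMDB data): corporate networks,
# business hours in UTC, and users allowed to perform privileged actions.
CORP_NETS = [ip_network("10.0.0.0/8")]
BUSINESS_HOURS = range(7, 20)
ADMIN_USERS = {"carol"}
PRIVILEGED_ACTIONS = {"role_assume", "user_create", "policy_change"}
FAIL_THRESHOLD, FAIL_WINDOW = 3, timedelta(seconds=60)

def parse_events(text):
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    for ev in events:
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return sorted(events, key=lambda ev: ev["ts"])

def detect(events):
    """Return (user, rule, timestamp) tuples for each suspicious IAM event."""
    alerts, recent_failures = [], {}
    for ev in events:
        user, ts = ev["user"], ev["ts"]
        if ev["action"] == "login" and ev["result"] == "success":
            if not any(ip_address(ev["src_ip"]) in net for net in CORP_NETS):
                alerts.append((user, "login_from_unknown_network", ts))
            if ts.hour not in BUSINESS_HOURS:
                alerts.append((user, "off_hours_login", ts))
            # A burst of failures followed by a success suggests password guessing.
            fails = [t for t in recent_failures.get(user, []) if ts - t <= FAIL_WINDOW]
            if len(fails) >= FAIL_THRESHOLD:
                alerts.append((user, "failures_then_success", ts))
            recent_failures[user] = []
        elif ev["action"] == "login":
            recent_failures.setdefault(user, []).append(ts)
        if ev["action"] in PRIVILEGED_ACTIONS and user not in ADMIN_USERS:
            alerts.append((user, "privileged_action_by_non_admin", ts))
    return alerts
```

Running `detect(parse_events(SAMPLE_EVENTS))` yields four alerts: bob's failures-then-success, and alice's off-network login, off-hours login and privileged role assumption.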
2. Establish a patch management partnership
Typically, the operations team is responsible and accountable for patch management, with security and audit providing policies and verification. This can create an adversarial mentality in which each side blames the other for any shortcomings.
However, if patch management is seen as a partnership, challenges can be solved together. For example, security can help operations through regular re-prioritisation of vulnerabilities and, where changes are frozen, can work to provide mitigation strategies such as network segmentation or additional security monitoring.
3. Manage the data
Database management often falls under the purview of operations, but these efforts are usually focused on maintaining the performance of the database rather than on protecting the data. However, the increased focus on data privacy and protection means these efforts need to be focused on securing data as well. Encryption is the ideal approach, and modern format-preserving encryption encrypts data without altering the data format.
4. Embrace change
It’s important to make implementing changes easier for operations in response to increased pressure from DevOps to provision faster. Security teams must, therefore, resist the urge to implement every feature of a privilege management tool on every system. Decisions around privileges must be made based on risk.
Even better are risk-based activity controls that terminate access or step up authentication if high-risk commands are used. Automating common responses to security incidents through orchestration tools, for select changes, also allows a rapid reaction while minimising risk.
5. Plan and train response procedures together
SecOps teams must plan and train together to respond to cyber attacks effectively. Preparing before a breach occurs is essential to ensure a sufficient response. Operations and security must engage equally in these preparations to ensure both perspectives are accounted for and the team can work seamlessly together if a breach occurs.
“IT ops and security may struggle to find the right balance at first, but the more the two teams work together, the more seamless their collaboration will be and the more appreciation each will have for the other’s perspective. This will ultimately improve the confidentiality, integrity, and availability of IT services,” Fuller concludes.