SecOps: Clear opportunities for powerful collaboration

21 Feb 2019

If there’s one thing security and IT ops professionals should do this year, it’s team up.

IT security is no longer a niche aspect of IT management; it’s an all-pervasive business risk that will affect all parts of an organisation, according to Micro Focus.

While IT and security teams have traditionally kept each other at arm’s length, with a ‘forced tolerance’ for one another, now is the time for change.

“Increasing regulatory pressure from privacy laws such as Australia's notifiable data breaches (NDB) scheme and Europe’s General Data Protection Regulation (GDPR), as well as high-visibility security breaches, are driving teams to more closely coordinate their efforts in mutually-beneficial ways,” explains Micro Focus managing director Peter Fuller.

SecOps could be the way ahead and provides a way for developers and operations teams to work together. Micro Focus believes SecOps provides clear opportunities to strengthen collaboration and defend against attacks.

1. Share identity and access data

Identity and access management (IAM) responsibility is often shared by security and operations teams. According to Verizon’s 2018 Data Breach Investigations Report, compromised credentials are the top threat in security breaches, making IAM governance and control critical. Teams can use IAM data as a source of insight for security information and event management, not just to search for evidence after a breach but to identify a breach in progress in real time by alerting on unusual access patterns or abuse of privileges.

2. Establish a patch management partnership

Typically, the operations team is responsible and accountable for patch management, with security and audit providing policies and verification. This can create an adversarial mentality in which each side blames the other for any shortcomings. 

However, if patch management is seen as a partnership, challenges can be solved together. For example, security can help operations through regular re-prioritisation of vulnerabilities and, where changes are frozen, can work to provide mitigation strategies such as network segmentation or additional security monitoring. 

3. Manage the data

Database management often falls under the purview of operations, but these efforts are usually focused on maintaining the performance of the database rather than on protecting the data. However, the increased focus on data privacy and protection means these efforts need to be focused on securing data as well. Encryption is the ideal approach, and modern format-preserving encryption encrypts data without altering its format.

4. Embrace change

It’s important to make implementing changes easier for operations in response to increased pressure from DevOps to provision faster. Security teams must, therefore, resist the urge to implement every feature of a privilege management tool on every system. Decisions around privileges must be made based on risk. 

Even better are risk-based activity controls that terminate access or step up authentication if high-risk commands are used. Automating common responses to security incidents through orchestration tools for select changes also allows a rapid reaction while minimising risk.

5. Plan and train response procedures together

SecOps teams must plan and train together to respond to cyber attacks effectively. Preparing before a breach occurs is essential to ensure a sufficient response. Operations and security must engage equally in these preparations to ensure both perspectives are accounted for and the team can work seamlessly together if a breach occurs.

“IT ops and security may struggle to find the right balance at first, but the more the two teams work together, the more seamless their collaboration will be and the more appreciation each will have for the other’s perspective. This will ultimately improve the confidentiality, integrity, and availability of IT services,” Fuller concludes.
