SecOps: Clear opportunities for powerful collaboration

21 Feb 2019

If there’s one thing security and IT ops professionals should prioritise this year, it’s teaming up.

IT security is no longer a niche aspect of IT management; it’s an all-pervasive business risk that will affect all parts of an organisation, according to Micro Focus.

While IT and security teams have traditionally kept each other at arm’s length and with a ‘forced tolerance’ for each other, now is the time for change.

“Increasing regulatory pressure from privacy laws such as Australia's notifiable data breaches (NDB) scheme and Europe’s General Data Protection Regulation (GDPR), as well as high-visibility security breaches, are driving teams to more closely coordinate their efforts in mutually-beneficial ways,” explains Micro Focus managing director Peter Fuller.

SecOps could be the way ahead and provides a way for developers and operations teams to work together. Micro Focus believes SecOps provides clear opportunities to strengthen collaboration and defend against attacks.

1. Share identity and access data

Identity and access management (IAM) responsibility is often shared by security and operations teams. According to Verizon’s 2018 Data Breach Investigations Report, compromised credentials are the top threat in security breaches, making IAM governance and control critical. Teams can use IAM data as a source of insight for security information and event management, not just to search for evidence after a breach but to identify a breach in progress in real time by alerting on unusual access patterns or abuse of privileges.

2. Establish a patch management partnership

Typically, the operations team is responsible and accountable for patch management, with security and audit providing policies and verification. This can create an adversarial mentality in which each side blames the other for any shortcomings. 

However, if patch management is seen as a partnership, challenges can be solved together. For example, security can help operations through regular re-prioritisation of vulnerabilities and, where changes are frozen, can work to provide mitigation strategies such as network segmentation or additional security monitoring. 

3. Manage the data

Database management often falls under the purview of operations, but these efforts are usually focused on maintaining the performance of the database rather than on protecting the data. However, the increased focus on data privacy and protection means these efforts need to be focused on securing data as well. Encryption is the ideal approach, and modern format-preserving encryption encrypts data without altering its format.

4. Embrace change

It’s important to make implementing changes easier for operations in response to increased pressure from DevOps to provision faster. Security teams must, therefore, resist the urge to implement every feature of a privilege management tool on every system. Decisions around privileges must be made based on risk. 

Even better are risk-based activity controls that terminate access or step up authentication if high-risk commands are used. Automating common responses to security incidents through orchestration tools for select changes also allows a rapid reaction while minimising risk.

5. Plan and train response procedures together

SecOps teams must plan and train together to respond to cyber attacks effectively. Preparing before a breach occurs is essential to ensure a sufficient response. Operations and security must engage equally in these preparations to ensure both perspectives are accounted for and the team can work seamlessly together if a breach occurs.

“IT ops and security may struggle to find the right balance at first but, the more the two teams work together, the more seamless their collaboration will be and the more appreciation each will have for the other’s perspective. This will ultimately improve the confidentiality, integrity, and availability of IT services,” Fuller concludes.
