Bridging the SecOps Gap
Security and Operations Teams Must Band Together to Foil Hackers
January 25, 2016

Bill Berutti
BMC

Share this

The world saw an epic number of data breaches in 2015. Reports of large-scale hacking attacks stealing everything from government secrets to children's birthdays and toy profiles were splashed across the headlines. IT executives and their teams were left to ponder – would we be next? As leaders, we need to leverage the strengths of our security and operations teams to fight back.

BMC and Forbes Insights recently surveyed executives in North America and Europe to get their perspective on their organization's overall security health and to find out what issues are critical to address. The results revealed the need for a framework organizations can use to get a solid strategy in place for improved security and compliance.

The survey showed that 97% of executives expect an increase in breach attempts in the next 12 months and 44% of executives say breaches occur even when vulnerabilities and remediation techniques are already identified. These two statistics paint a sobering image – almost half of data breaches could have been prevented.

With the threat of attacks on the rise, what causes unimplemented remediation plans to sit on the shelf? Lack of visibility between groups, lack of automation and competing priorities between groups all contribute to the issue. These three factors combine to create the "SecOps Gap."

Inconsistent approaches, manual processes and no ability to identify a threat and track its status across the lifecycle are challenges commonly faced by most organizations, and they all contribute to the gap. To address this, companies must focus on three critical elements to ensure that their security and operations teams are aligned on objectives and share accountability for the security and compliance of the organization. The three elements are People, Process and Technology.

People

A strong people strategy is the heart of an effective change management initiative. Start with setting a consistent vision for the security and operations teams. They need to see that they are interdependent and have shared goals in regard to the overall security of the organization. They need to balance these goals together with the needs of the business to be agile and reliable.

Process

The processes need to be reviewed in light of the shared goals and objectives. Repetitive, manual workflows should be evaluated to see if they are candidates for automation. Handoffs between the organizations need to be tight and provide opportunities for feedback and learning.

Technology

Technology should be deployed to facilitate the coordination and collaboration between these organizations. It is vital to be deliberate and to make sure that the technology you choose is built to solve the complete problem and not just portions of it. Many organizations implement point solutions to address the problem which fall short of addressing the complete problem.

Solutions must also be able to scale to handle the demands and complexity of your enterprise. Of the survey respondents, 60% want tools for automating corrective actions and 59% want a centralized view into vulnerabilities and remediation actions.

With 60% of survey respondents stating IT operations and security teams have only a general understanding of each other's requirements, it's clear that the SecOps Gap needs to be quickly acknowledged and addressed.

Bill Berutti is President of the Cloud, Data Center and Performance Businesses at BMC.

Share this

The Latest

November 20, 2017

When you say "DevOps" one of the first words that comes to mind is "collaboration." But exactly how do we make this collaboration happen? This epic DEVOPSdigest list – posted in 7 parts – intends to find the answer. DEVOPSdigest asked experts from across the industry for their opinions on the best way to foster collaboration between Dev and Ops ...

November 17, 2017

Just in time for the holiday shopping season, APMdigest asked experts from across the industry for their opinions on the best way to measure eCommerce performance, in terms of applications, networks and infrastructure. Part 3, the final installment, covers the customer journey ...

November 16, 2017

Just in time for the holiday shopping season, APMdigest asked experts from across the industry for their opinions on the best way to measure eCommerce performance, in terms of applications, networks and infrastructure. Part 2 covers APM and monitoring ...

November 15, 2017

As the holiday shopping season looms ahead, and online sales are positioned to challenge or even beat in-store purchases, eCommerce is on the minds of many decision makers. To help organizations decide how to gauge their eCommerce success, APMdigest compiled a list of expert opinions on the best way to measure eCommerce performance ...

November 14, 2017

More than 90 percent of respondents are concerned about data and application security in public clouds while nearly 60 percent of respondents reported that public cloud environments make it more difficult to obtain visibility into data traffic, according to a new Cloud Security survey ...

November 13, 2017

Today's technology advances have enabled end-users to operate more efficiently, and for businesses to more easily interact with customers and gather and store huge amounts of data that previously would be impossible to collect. In kind, IT departments can also collect valuable telemetry from their distributed enterprise devices to allow for many of the same benefits. But now that all this data is within reach, how can organizations make sense of it all? ...

November 09, 2017

CIOs trying to lead digital transformation at the speed needed to succeed need a mix of three scale accelerators, according to Gartner, Inc. The three scale accelerators include: digital dexterity, network effect technologies, and an industrialized digital platform ...

November 08, 2017

While the majority of IT practitioners in the UK believe their organization is equipped to support digital services, over half of them also say they face consumer-impacting incidents at least one or more times a week, sometimes costing their organizations millions in lost revenue for every hour that an application is down, according to PagerDuty's State of Digital Operations Report: United Kingdom ...

November 07, 2017

Today's IT is under considerable pressure to remain agile, responsive and scalable to meet the changing needs of business. IT infrastructure can't become a bottleneck, it must be the enabler. But as new paradigms, such as DevOps, are adopted, data center complexity increases and infrastructure constraints can block the ability to achieve these goals ...

November 06, 2017

It's 3:47am. You and the rest of the Ops team have been summoned from your peaceful slumber to mitigate an application delivery outage. Your mind races as you switch to problem solving mode. It's time to start thinking about how to make this mitigation FUN! ...