Bridging the SecOps Gap
Security and Operations Teams Must Band Together to Foil Hackers
January 25, 2016

Bill Berutti
BMC

Share this

The world saw an epic number of data breaches in 2015. Reports of large-scale hacking attacks stealing everything from government secrets to children's birthdays and toy profiles were splashed across the headlines. IT executives and their teams were left to ponder – would we be next? As leaders, we need to leverage the strengths of our security and operations teams to fight back.

BMC and Forbes Insights recently surveyed executives in North America and Europe to get their perspective on their organization's overall security health and to find out what issues are critical to address. The results revealed the need for a framework organizations can use to get a solid strategy in place for improved security and compliance.

The survey showed that 97% of executives expect an increase in breach attempts in the next 12 months and 44% of executives say breaches occur even when vulnerabilities and remediation techniques are already identified. These two statistics paint a sobering image – almost half of data breaches could have been prevented.

With the threat of attacks on the rise, what causes unimplemented remediation plans to sit on the shelf? Lack of visibility between groups, lack of automation and competing priorities between groups all contribute to the issue. These three factors combine to create the "SecOps Gap."

Inconsistent approaches, manual processes and no ability to identify a threat and track its status across the lifecycle are challenges commonly faced by most organizations, and they all contribute to the gap. To address this, companies must focus on three critical elements to ensure that their security and operations teams are aligned on objectives and share accountability for the security and compliance of the organization. The three elements are People, Process and Technology.

People

A strong people strategy is the heart of an effective change management initiative. Start with setting a consistent vision for the security and operations teams. They need to see that they are interdependent and have shared goals in regard to the overall security of the organization. They need to balance these goals together with the needs of the business to be agile and reliable.

Process

The processes need to be reviewed in light of the shared goals and objectives. Repetitive, manual workflows should be evaluated to see if they are candidates for automation. Handoffs between the organizations need to be tight and provide opportunities for feedback and learning.

Technology

Technology should be deployed to facilitate the coordination and collaboration between these organizations. It is vital to be deliberate and to make sure that the technology you choose is built to solve the complete problem and not just portions of it. Many organizations implement point solutions to address the problem which fall short of addressing the complete problem.

Solutions must also be able to scale to handle the demands and complexity of your enterprise. Of the survey respondents, 60% want tools for automating corrective actions and 59% want a centralized view into vulnerabilities and remediation actions.

With 60% of survey respondents stating IT operations and security teams have only a general understanding of each other's requirements, it's clear that the SecOps Gap needs to be quickly acknowledged and addressed.

Bill Berutti is President of the Cloud, Data Center and Performance Businesses at BMC.

Share this

The Latest

March 30, 2017

Application bottlenecks can lead an otherwise functional computer or server to slow down to a crawl. Addressing bottleneck issues usually results in returning the system to operable performance levels; however, fixing bottleneck issues requires first identifying the underperforming component. These five bottleneck causes are among the most common ...

March 29, 2017

Providing business-critical services at agreed service levels is not easy because numerous factors such as faulty configuration changes, bandwidth, network performance and attacks affect them. To ensure seamless availability of business-critical services, IT teams have to overcome such challenges. ManageEngine surveyed IT professionals to find out the top five challenges that might impact IT in 2017 ...

March 28, 2017

The amount of data, research and case studies on the benefits and effectiveness of hybrid cloud keeps growing. Yet some people are still skeptical, thinking that it’s just a play to keep data centers relevant in a public cloud age. Some recent outages of cloud-based systems may be just the thing to bring hybrid cloud skeptics around ...

March 27, 2017

Monitoring a business means monitoring an entire business – not just IT or application performance. If businesses truly care about differentiating themselves from the competition, they must approach monitoring holistically. Separate, siloed monitoring systems are quickly becoming a thing of the past ...

March 24, 2017

A growing IT delivery gap is slowing down the majority of the businesses surveyed and directly putting revenue at risk, according to MuleSoft's 2017 Connectivity Benchmark Report on digital transformation initiatives and the business impact of APIs ...

March 23, 2017

Why containers are growing in popularity is no surprise — they’re extremely easy to spin up or down, but come with an unforeseen issue. Without the right foresight, DevOps and IT teams may lose a lot of visibility into these containers resulting in operational blind spots and even more haystacks to find the presumptive performance issue needle ...

March 22, 2017

Much emphasis is placed on servers and storage when discussing Application Performance, mainly because the application lives on a server and uses storage. However, the network has considerable importance, certainly in the case of WANs where there are ways of speeding up the transmission of data of a network ...

March 21, 2017

The majority of IT executives believe investment in IT Service Management (ITSM) is important to gain the agility needed to compete in an era of global, cross-industry disruption and digital transformation, according to Delivering Value to Today’s Digital Enterprise: The State of IT Service Management 2017, a report by BMC, conducted in association with Forbes ...

March 17, 2017

Let’s say your company has examined all the potential pros and cons, and moved your critical business applications to the cloud. The advertised benefits of the cloud seem like they’ll work out great. And in many ways, life is easier for you now. But as often happens when things seem too good to be true, reality has a way of kicking in to reveal just exactly how many things can go wrong with your cloud setup – things that can directly impact your business ...

March 16, 2017

IT leadership is more driven to be innovative than ever, but also more in need of justifying costs and showing value than ever. Combining the two is no mean feat, especially when individual technologies are put forward as the single tantalizing answer ...