
SecOps: Clear opportunities for powerful collaboration

21 Feb 2019

If there’s one thing security and IT ops professionals should do this year, it is to make ‘team up’ their top priority.

IT security is no longer a niche aspect of IT management; it’s an all-pervasive business risk that will affect all parts of an organisation, according to Micro Focus.

While IT and security teams have traditionally kept each other at arm’s length and with a ‘forced tolerance’ for each other, now is the time for change.

“Increasing regulatory pressure from privacy laws such as Australia's notifiable data breaches (NDB) scheme and Europe’s General Data Protection Regulation (GDPR), as well as high-visibility security breaches, are driving teams to more closely coordinate their efforts in mutually-beneficial ways,” explains Micro Focus managing director Peter Fuller.

SecOps could be the way ahead and provides a way for developers and operations teams to work together. Micro Focus believes SecOps provides clear opportunities to strengthen collaboration and defend against attacks.

1. Share identity and access data

Identity and access management (IAM) responsibility is often shared by security and operations teams. According to Verizon’s 2018 Data Breach Investigations Report, compromised credentials are the top threat in security breaches, making IAM governance and control critical. Teams can use IAM data as a source of insight for security information and event management, not just to search for evidence after a breach but to identify a breach in progress in real time by alerting on unusual access patterns or abuse of privileges.

2. Establish a patch management partnership

Typically, the operations team is responsible and accountable for patch management, with security and audit providing policies and verification. This can create an adversarial mentality in which each side blames the other for any shortcomings. 

However, if patch management is seen as a partnership, challenges can be solved together. For example, security can help operations through regular re-prioritisation of vulnerabilities and, where changes are frozen, can work to provide mitigation strategies such as network segmentation or additional security monitoring. 

3. Manage the data

Database management often falls under the purview of operations, but these efforts are usually focused on maintaining the performance of the database rather than on protecting the data. However, the increased focus on data privacy and protection means these efforts need to be focused on securing data as well. Encryption is the ideal approach, and modern format-preserving encryption encrypts data without altering the data format.

4. Embrace change

It’s important to make implementing changes easier for operations in response to increased pressure from DevOps to provision faster. Security teams must, therefore, resist the urge to implement every feature of a privilege management tool on every system. Decisions around privileges must be made based on risk. 

Even better are risk-based activity controls that terminate access or step up authentication if high-risk commands are used. Automating common responses to security incidents through orchestration tools for select changes also allows a rapid reaction while minimising risk.

5. Plan and train response procedures together

SecOps teams must plan and train together to respond to cyber attacks effectively. Preparing before a breach occurs is essential to ensure a sufficient response. Operations and security must engage equally in these preparations to ensure both perspectives are accounted for and the team can work seamlessly together if a breach occurs.

“IT ops and security may struggle to find the right balance at first, but the more the two teams work together, the more seamless their collaboration will be and the more appreciation each will have for the other’s perspective. This will ultimately improve the confidentiality, integrity, and availability of IT services,” Fuller concludes.
