Maturity is typically used in the context of a person’s path to adulthood. Do they behave and act as civilized adults according to social norms? Or do they throw tantrums, speak out of turn or lack the decorum to behave appropriately for the situation? We also use maturity to describe the sophistication and completeness of an organization’s processes or technology. When referring to maturity in the context of security and IT operations (SecOps) teams, we attempt to measure the ability of an organization to effectively and efficiently prevent and respond to security risks. But, let’s face it, security is hard and there is no realistic end state. Instead, it’s a constant challenge to improve your skills, processes and technology.
SecOps maturity is important because, based on a recent report, SecOps organizations can achieve many benefits as they mature, and there’s plenty of room to grow. More mature SecOps enterprises are likely to have better collaboration between SecOps teams and fewer security vulnerabilities than those that are less evolved. Mature organizations are also able to mitigate risk more quickly and experience faster remediation, in production and in the DevOps pipeline.
These are some of the findings of a commissioned Technology Adoption Profile, conducted by Forrester Consulting on behalf of BMC to evaluate SecOps maturity. This study was based on research with 100 security and IT operations managers in US enterprises. Here are some highlights:
- 44% of enterprises don’t have a formalized SecOps program, may only use ad hoc security operations processes, or may have practices that are only deployed occasionally. With 77% of enterprises using cloud services, it’s important to pay more attention to threats. If you don’t have a formal SecOps plan, it’s time to develop one.
- 71% report that improving advanced threat intelligence capabilities is their top information/IT security priority. However, 39% report a lack of visibility into unpatched systems and the volume of such systems. Gaining visibility is essential for effectively prioritizing and planning to remediate vulnerabilities.
- About half of the enterprises find that coordination between security and IT operations teams is challenging. SecOps maturity helps drive collaboration between these two teams to mitigate risk, address issues faster, and improve compliance.
- To achieve better identification and remediation of vulnerabilities, 60% report they are upgrading, expanding, or planning to deploy tools to ensure security and compliance of apps in the DevOps process.
The advantages of becoming a more mature SecOps organization and how tools can help
Organizations with more mature SecOps capabilities have reported a variety of benefits, such as:
- Fewer security breaches
- Fewer security distractions
- Decreased cost of patching and compliance
- Improved efficiency between operations and development teams
These organizations are either using tools or planning to use tools that can help identify affected systems, prioritize security issues, deploy patches, increase DevOps efficiency and compliance, and provide other capabilities.
BMC SecOps solutions can help organizations move further along the SecOps maturity curve, which can reduce risk and improve efficiency. Plus, developers can embed compliance and security testing in the development lifecycle — when it’s easier and less costly to find and fix issues — to deliver new, secure apps without disrupting innovation.
Download the full study, Overcoming SecOps Hurdles Decreases Risk While Increasing DevOps Efficiency, and discover the advantages of improving SecOps maturity.
These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.