It’s no surprise that when Security and Operations (SecOps) are more closely integrated, they are in a better position to minimize risk and ensure compliance while keeping up with the demands of digital business. For example, when security sends scans of vulnerabilities over to IT Operations for remediation, operations people can more quickly prioritize and patch the vulnerability when they have greater visibility into its context and severity level. Patching can require brief outages and must be done during a limited window of time. As digital business accelerates, those windows keep shrinking. IT organizations need the tools and processes to automate remediation by providing the analytics to quickly and easily focus on the most critical vulnerabilities.
Findings from a report1 by Enterprise Management Associates (EMA) discussed SecOps integration in detail and described what makes SecOps teams successful in IT organizations with some level of SecOps integration underway. They surveyed 251 security and IT execs/professionals in North America, Germany, France, and the UK. The report reviewed technology and cultural/process challenges and how they can be addressed, along with how integrating these various functions can impact development, innovation, ROI and other areas. Here are some highlights of this report:
- Achieving better analytics was consistently a top driver of SecOps integrations.
- Hundred percent of the organizations that were rated as extremely successful in achieving real benefits from their SecOps integration initiatives were actively using or deploying analytics.
- In SecOps priorities for DevOps projects, minimizing the risks in handoffs between development and operations were a top priority, as well as having superior process/workflows to promote security and compliance.
- The top three benefits of SecOps were: achieving a better ROI on the existing infrastructure; improving operational efficiencies across security and the rest of IT; and more efficiently using cloud services.
- SecOps initiatives generally delivered strong levels of value. In fact, nearly 60 percent of respondents indicated they achieved either significant or dramatic benefits from their initiatives.
Overcoming technology challenges
Surprisingly, the report also indicated that roadblocks to the effectiveness of SecOps initiatives were generally more prevalent due to technology issues rather than process and cultural problems. This was caused by challenges related to data sharing and integration. BMC SecOps Response Service, however, can help solve that problem with advanced analytics, integration, and remediation capabilities. It provides vulnerability intelligence that establishes one common view and dashboards to meet the needs of security and operations users. The solution integrates data from vulnerability scanners and BMC Discovery to get a better view of the state of the environment, including potential blind spots. This integrated view enables teams to see where operations is in the remediation process and it helps operations teams to plan more effectively and quickly prioritize remediation activity based on policy. This integrated capability also dramatically limits the manual work involved to prepare for an audit.
Overcoming technology challenges can also prevent data breaches. Most breaches targeted known vulnerabilities with patches that were available at the time of the attack. That’s why remediating the most critical vulnerabilities without delay is essential. SecOps Response Service integrates with scanners, BMC Discovery, and configuration management tools, like BladeLogic Server Automation and Microsoft SCCM to provide better and faster analysis and execution – from scan to remediation. So, instead of having IT operations staff pour through volumes of pages of scans in XML spreadsheets or 400-page PDFs, trying to figure out what’s most important and what’s not, they now have the visibility to identify blind spots so that they can be managed, as well as match patches to vulnerabilities, prioritize actions, and remediate vulnerabilities based on business impact. As a result, organizations can dramatically reduce costs while also improving efficiencies – not to mention lower stress!
Another technology issue involves ensuring that application handoffs from development to operations are successful. DevOps teams are under pressure to deliver applications quickly to innovate as their businesses pursue growth through digital transformation. Operations has to deliver security and compliance at the speed of DevOps innovation to gain a competitive advantage. To minimize the risks and business disruptions when applications move from development to operations, BMC’s SecOps solutions provide policies that allow compliance checks early in the development process to prevent security defects from reaching production. This is important because it’s a lot easier and cheaper to fix a defect before an application moves into production.
How cloud impacts SecOps, best practices, and more
The EMA report discussed the top priorities for integrating SecOps as it relates to the cloud; how digital transformation best practices correlate with SecOps success; and other findings that provide insight into what’s needed to more fully integrate SecOps into the enterprise. For more details, read the report: EMA Report Summary: Integrating SecOps with Operations, Development, and ITSM in the Age of Cloud and Agile
1 EMA Report Summary: Integrating SecOps with Operations, Development, and ITSM in the Age of Cloud and Agile ↩
These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.