I first read Dr. Covey’s 7 Habits of Highly Effective People over 25 years ago and, despite the technological revolutions in that period, it is as relevant today as it was when the earth cooled. As we look to the new year for opportunities to improve our IT operations and security, let’s remember to begin with the end in mind, as well as to put first things first. With that said, here are some thoughts on resolutions for 2018.
Put Security and Operations on the same page. “Easier said than done,” right? This resolution may very well be a repeat of last year. Let’s face it: aligning Security and Operations teams is a monumental challenge to most organizations. Precisely for this reason SecOps, executed well, can be a potent competitive advantage. With the right tools, your teams can work together to assess, prioritize, and schedule remediation to improve security posture while maintaining availability. This is the end in mind.
Use your staff more effectively. According to a 2017 report from Cybersecurity Ventures, cybersecurity is projected to remain at full employment through 2021¹. The right skills are scarce, positions go unfilled, and you certainly don’t want existing talent walking out the door. Security requires expertise – knowing how to configure software, networks, and cloud services securely – as well as the vigilance to stay on top of dynamic environments which are facing new risks daily. Manual oversight is not scalable. What’s needed is tooling to help your security experts automate the routine tasks, so they can spend more time planning for the next big threat. Less ditch digging and fire drills, more high-value motion and results.
Identify your blind spots. Blind spots are the unexploded ordnance camped on your network that you don’t know you are not scanning. These unmanaged assets reside outside of security governance, creating a prime target for hackers to attack. An optimal solution would automate asset discovery, map dependencies, and cross-reference those assets to scan logs to highlight blind spots and bring them into compliance.
Make security actionable by combining Security and Operations data. We need to say goodbye to emailing spreadsheets of vulnerabilities between Security and IT Ops. Email is asynchronous, spreadsheets lack situational context, and both are often outdated by the time they are read. A better solution combines data from endpoint management systems, vulnerability scans, and asset discovery, synthesizing results into an intuitive visualization of vulnerabilities. Such operational intelligence can then be filtered, assessed, and prioritized so that Ops and Security can agree upon and execute a remediation plan.
Prioritize and fix the most critical flaws first. Not all vulnerabilities pose an equal threat to your business. The highly effective security analyst will rapidly assess available info for context, extract signal from noise, and prioritize action. Filtering vulnerabilities by severity, impacted domains, and aging helps drive informed remediation actions to quickly minimize risk.
Automate response to vulnerabilities. Scarce talent and multi-cloud proliferation work in devious tandem to accelerate your security headaches. For many organizations, matching vulnerabilities to resolutions and then taking action is a manual process, one which cannot keep up with rapidly changing dynamic environments. Automating the response to vulnerabilities increases productivity of existing headcount, a useful countermeasure to the current cyber talent shortage. Moreover, it improves response time, reduces your threat surface, and fuels ROI.
Stay tuned for Part 2 of our series, where we discuss resolutions to enable continuous security monitoring of your multi-cloud environments, and embed security and compliance testing into DevOps processes.
1 Cybersecurity Ventures, 2017
These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.