Closing the SecOps gap: how to harden IT security against hackers and vulnerabilities


By David Carless, Automation and Cloud Specialist, BMC Software Australia

In 2015, headlines were rife with reports of cyberattacks stealing everything from government secrets to children’s birthdays. In 2016, the issue continues to generate story after story, so it’s no surprise security is now the number one priority in every boardroom around the globe.

As constant change and the path to digital transformation continue at a rapid pace, they open the door for hackers and expose old latent vulnerabilities. The two parties charged with protecting an organisation’s security and closing these doors are themselves facing a communication breakdown that’s only deepening the problem.

Overlooked by many business leaders, it’s the widening gap between IT operations and security teams that is becoming ever more critical in the age of the digital enterprise.

BMC Software and Forbes Insights recently surveyed several hundred global executives to get their perspective on their organisation’s overall security health and find out what issues are critical to address. The results revealed the need for a clear framework that organisations can implement and follow to build their strategy for improved security and compliance.

Startlingly, the survey showed that 97 per cent of executives expect an increase in breach attempts in the next 12 months, and 44 per cent of executives say breaches occur even when vulnerabilities and remediation techniques are already identified. These two statistics paint a sobering image – almost half of data breaches could have been prevented.

With the threat of attacks on the rise, what causes unimplemented remediation plans to sit on the shelf?
It’s a bit of a list: the lack of visibility between security and IT operations groups, the lack of automation and competing priorities all contribute to the issue, and on average, the time it takes to fix a security vulnerability is a staggering 193 days.

This research confirmed what we had heard anecdotally – that security teams are doing everything they can to keep their organisations secure, while the IT operations teams continue to try to do more with less, and keep the business running in the face of constant change.

The two organisations, central to the identification and implementation of security countermeasures, are nonetheless disconnected in every meaningful way – priorities, processes, requirements, tools, and vocabulary. While vulnerabilities are being discovered, the operations team doesn’t understand the context of these vulnerabilities, and they either fail to prioritise them, or worse, ignore them altogether. These factors combine to create the ‘SecOps Gap’.

With 60 per cent of survey respondents stating IT operations and security teams have only a general understanding of each other’s requirements, it’s clear the SecOps Gap needs to be quickly acknowledged and addressed.

To do so, companies must focus on three critical elements to ensure their security and operations teams are aligned on objectives, and share accountability for the security and compliance of the organisation. These three elements are People, Process and Technology.

A strong people strategy is the heart of an effective change management initiative. Start with setting a consistent vision for the security and operations teams. They need to see that they are interdependent and have shared goals in regard to the overall security of the organisation. They need to balance these goals together with the needs of the business to be agile and reliable.

The processes need to be reviewed in light of the shared goals and objectives. Repetitive, manual workflows should be evaluated to see if they are candidates for automation. Handoffs between the organisations need to be tight and provide opportunities for feedback and learning.

Technology should be deployed to facilitate the coordination and collaboration between these organisations. It is vital to be deliberate and to make sure that the technology you choose is built to solve the complete problem and not just portions of it. Many organisations implement point solutions which fall short of addressing the complete problem. Solutions must also be able to scale to handle the demands and complexity of your enterprise. Of the survey respondents, 60 per cent want tools for automating corrective actions and 59 per cent want a centralised view into vulnerabilities and remediation actions.

A solid strategy to protect your organisation from attacks requires you to be vigilant, precise and relentless in not just finding but closing vulnerabilities. To do this effectively, it is imperative that organisations use automation to do the bulk of the work for them.

BMC BladeLogic Threat Director works with BMC BladeLogic Server Automation to provide operations teams with prescriptive and actionable data to address vulnerabilities based on perceived impact, current operational plans, and policy, to enable the expedient remediation of risks and more focused activities by the operations teams to reduce the overall attack surface.

For the first time, the BladeLogic Threat Director provides the security team with a security dashboard, allowing them to gain views into operational plans to address vulnerabilities and predictive service level agreements to assess the current security readiness of their organisation.

Breaking down the wall between Security and Operations teams and arming them with critical data to make decisions will allow them to work together productively. It will help them make decisions impacting the delicate balance between uptime and availability commitments, and changes required to secure the organisation.

The bottom line is that the flood waters of security breaches will continue to rise until something significant is done. The time to act on closing the SecOps Gap is now.