An introduction to SecOps

SecOps is a new paradigm for seamless collaboration between IT Security and IT Operations to more effectively mitigate risk, in much the same way that DevOps established a new way of working between application developers and IT Operations. Where traditional approaches to security and compliance have failed, SecOps deploys new work processes and solutions that enable teams to prioritize and remediate critical vulnerabilities. With SecOps, teams can systematically address compliance violations through an integrated and automated approach across all environments, whether on‐premises, hosted, private, public, or multi‐cloud.

Nowadays, more and more bossiness are moving into the cloud. Cloud services and the Internet of Things (IoT) are driving fundamental changes to how organizations achieve their objectives. Adoption of DevOps has accelerated the release of code to production environments, particularly in the cloud, thus rapidly accelerating an already tenuous software development process. Finally, while cloud and DevOps have taken some focus off the data center, on‐premises IT workloads are still projected to more than double from 2015 to 2020, requiring organizations to manage security and compliance for both on‐premises and cloud environments (from BMC blog).

Need for SecOps

According to a BMC and Forbes study, 65 percent of respondents reported that they believe security would improve if the security staff collaborated more closely with operations teams.

IT Operations and Security teams must work together, but often have different priorities.

  • Operations teams must ensure business‐critical IT systems are always available and performing at a high level. Security teams must ensure these same systems are secure and compliant with various regulatory standards and internal policies. Although both teams have the best interest of the organization in mind, balancing security and system performance requirements is challenging because their goals and priorities often conflict.
  • The two teams often use different tools, each optimized to its specific needs. For example, although security teams often acquire tools to detect vulnerabilities, they are rarely authorized to make changes directly to server, network, or cloud resources to address the vulnerabilities.
  • When the security team runs automated scans of the IT environment for compliance issues, the results are frequently shared with the operations team via massive spreadsheets that can contain thousands of lines of data and lack any context. The discovered vulnerabilities often are not ranked in terms of impact or priority and are often just passed to the operations team with an edict to “get it done,” leaving remediation decisions up to the IT operations team.
  • IT Operations must then manually identify which systems are affected by the vulnerabilities, which remediation actions must be taken, the relative priority of the vulnerabilities, and the urgency with which they must act. When that assessment is completed, the updates are then tested, ticketed, scheduled against maintenance windows, approved by change boards, and finally implemented.
  • Competing priorities, disparate tools, poor communication, and lack of visibility conspire to increase friction and inefficiencies that can create gaps in the security posture and leave businesses susceptible to increased risk and cyberattacks — commonly known as the SecOps gap.

Many organizations are now taking a new management approach to bridge the gap between security and IT operations teams, to ensure that systems meet performance and availability needs, and to stay secure and compliant. Much like DevOps, SecOps is an approach that links security and operations teams together with shared accountability, processes, and tools, to ensure a high level of security and compliance while also meeting business requirements for performance, availability, and agility.

Understanding SecOps

The SecOps model aims to improve the security posture of the organization by facilitating better collaboration between Security and IT Operations. The goals are to

  • Keep the operations and security teams aligned and operating efficiently.
  • Provide visibility into changes that must be made to shore up security defenses, as well as the impact of those changes on other parts of the business.
  • Provide a record of the changes that have been made and the exceptions that have been granted.
SecOps is the seamless collaboration between Security and IT Operations to effectively mitigate risk.

To more effectively close the SecOps gap, organizations need to automate manual steps, streamline the detection to remediation process, and remove vulnerabilities faster. To do this, they need better

  • Vulnerability information: Security‐based vulnerability scanners often identify the server name and associated vulnerabilities. However, IT Operations needs to understand whether the scanner covered all servers in the environment, how those servers relate to business applications or services, what remediations are available, and how critical the vulnerabilities are.
  • Planning analytics: IT Operations needs to plan remediation actions based on the type of remediation (for example, configuration change, patch, script execution, and so on) while also considering the criticality of the system impacted and the agreed‐upon maintenance window of each system.
  • Tools integration: Whether consuming vulnerability scan data, entering change tickets, or executing remediation actions, removing manual steps is necessary to accelerate actions, improve scalability, and reduce errors.
  • Remediation execution: Once the vulnerability is known and matched against a remediation action that has been tested and approved, it must be effectively executed. This requires visibility into ongoing remediation actions, automatic error handling, verification of successful changes, and automated rollback when changes cause issues.
  • Operational intelligence: Make security visual and actionable with vulnerability information enriched by context and operational data, such as application or business service, to prioritize vulnerability handling based on the potential impact within your operating environment. Specifically:
    • Identify blind spots so all systems are analyzed.
    • Combine security and operations data for more
      accurate and actionable analysis.
    • Prioritize and fix the most critical flaws first.
  • Multi‐tier remediation: Drive consistency, scalability, and flexibility with automated remediation that considers the application, the process, and the severity of the issue. Specifically:
    • Automate response to violations.
    • Fit the process to the environment.
    • Use a tiered approach to remediation based on
      severity and application impact.
  • Continuous security monitoring: Improve multi-cloud security and compliance while simultaneously enhancing innovation for development teams. Specifically:
    • Automate security assessment for any asset, on‐
      premises or in the cloud.
    • Automate cloud service configuration checks and
      ongoing monitoring.
    • Manage configurations consistently and with an
      audit trail.
    • Embed security checks into DevOps pipelines to
      find code security issues before they are released
      to production, where the risk and cost are greater.

SecOps with DevOps

Using a DevOps approach, companies can deliver applications faster, at a higher level of quality, and at a lower cost. In fact, a study by McKinsey found that companies that embrace an agile DevOps approach to development, testing, and operations see an twice improvement in time to market and updates to servers, and a near 50 percent reduction in handoffs per process. From devopedia.org

As organizations “shift left” (test early and often in the software development life cycle process) to improve agility, this naturally creates new challenges and exposes different bottlenecks in their DevOps processes. For example, compliance and security remains a manual, ad‐hoc activity at the end of a release, which forces tough decisions about risk acceptance versus costly late code fixes. Furthermore, cloud adoption and containerization introduce mode‐two (new and innovative) resources into these processes that create real security and compliance gaps that most organizations haven’t considered. Without a comprehensive compliance strategy that addresses these issues, organizations will eventually fall behind competitors and increase their risk of data breaches and ransomware.

Why “shift left”? Let’s look at the cost of fixing defect on a different stages of SDLC.

  • Increased time and effort to fix the length of time between defects being introduced and detected results in a greater effort required to fix them. For example, it is much easier for developers to detect problems in their code when they are actively working on it, as the code is still fresh in their minds and it is easier to fix even complex issues.
  • “But it worked on my machine”. During the testing phase, it can be time-consuming to reproduce defects on a developer’s local environment. While it is relatively easy to identify issues that are clearly broken or do not meet requirements, it is much more challenging to uncover deeper defects such as memory leaks or race conditions.
  • When software has been released and is being used in the field, not only is it difficult to locate defects, but it is also risky to try to fix them. In addition to avoiding negative impacts on live users, it is essential to maintain the availability of the service, as this is critical for business. The cost of fixing defects at this stage can be as much as 600 times higher than if they were addressed earlier in the development process, due to the additional challenges and risks involved.

SecOps helps organizations gain a competitive advantage by increasing agility, while closing security and compliance gaps associated with the latest cloud and container technologies. A comprehensive SecOps program provides a unified view of compliance data collected across data center, cloud, and container resources that is analyzed against flexible predefined policies. Compliance checks can also be embedded directly in DevOps pipelines for instant feedback regarding go and no‐go decisions in the process.

SecOps Roles and Responsibilities

Within a SecOps organization, key traditional roles still exist, but work more collaboratively to achieve the business and security goals of the organization. These roles include:

  • Security: In a SecOps model, much like in a traditional model, the security team identifies and prioritizes vulnerabilities that must be remediated. However, unlike a traditional model, in which Security hands off these tasks to IT Operations, Security is fully involved during implementation, and is accountable for helping the operations team to understand the risk of the vulnerabilities at the time of discovery as well as if new information, such as an exploit in the wild, requires reprioritization or a change in tactics.
  • Operations: IT Operations works closely with Security to remediate vulnerabilities in a timely manner, regardless of whether it is a server, application, network, or cloud service vulnerability. They also communicate business requirements for uptime and availability, the change process, and maintenance windows, so that expectations are aligned.
  • Development: App developers partner with the SecOps team to understand and address security requirements early in the software development life cycle (SDLC). Within a secure DevOps process, developers address security and compliance requirements in the continuous integration (CI) and continuous delivery (CD) DevOps models. Whereas DevOps deploys “infrastructure as code,” SecOps requires “secure infrastructure as code.” In a secure SDLC, developers know how to write secure code and deploy it securely.
  • Compliance and legal: These organizations work closely with SecOps teams to ensure automated policies and auditing tools satisfy changing legal and regulatory requirements.
  • Business stakeholders: Line of business managers and corporate executives increasingly understand the critical nature of security and compliance, and the need to promote “top-down” support for proactive SecOps.

SecOps enables companies to take a comprehensive and proactive approach to security issues by managing known vulnerabilities, rather than simply reacting to the latest attacks. Organizations can manage by policy and automatically address security issues to protect their businesses. Today, network and systems administrators and IT staff are stretched thin and manual tasks consume key cycles and drive up costs. Automation can help them reduce that burden.

Hope, you like the post. Please follow me on Twitter or LinkedIn and subscribe to newsletter below.

Be an ethical, save your privacy!

subscribe to newsletter

and receive weekly update from our blog

By submitting your information, you're giving us permission to email you. You may unsubscribe at any time.

Leave a Comment

Discover more from #cybertechtalk

Subscribe now to keep reading and get access to the full archive.

Continue reading