Successful SecOps Teams Automate and Align – InApps 2022

SaltStack sponsored this post.

The most common type of cybersecurity exploit in 2019 was not a zero-day attack, an AI-powered mega virus or even a super-Saiyan-level hacker backed by an enemy nation-state. The vast majority of exploits and breaches were caused by the InfoSec and IT equivalent of not maintaining your car or brushing your teeth.

Unaddressed cyber hygiene is the leading cause of data loss and compromised digital business infrastructure. This is not news, but it remains a substantial problem for IT and security operations teams. Why?

Why not just patch that database or reconfigure that server that’s been out of compliance for months? Why is your oil change overdue? Or do you floss and brush your teeth as much as you should?

Typically in a large digital enterprise, it is the security team’s job to identify and prioritize security risks and the IT team’s job to take action, fix issues and deliver infrastructure security. Every vulnerability and the accompanying fix requires some amount of work to test, run through change process controls, and eventually patch or reconfigure vulnerable systems — all while not breaking some app or business service.

The work of IT security is not easy, yet the contributions of both teams are critical to digital business security.

Understand the Problem Before Trying to Fix It

As an industry, we aren’t going to be able to deliver real IT security until we first understand what is keeping us from it. This is why we went straight to the source, to IT and security executives, to better understand what they each think about their co-workers on the other side of the aisle. We set out to understand the blockers facing security and operations collaboration, and ultimately quality cyber hygiene.

SaltStack commissioned an independent market research firm to survey a random sample of 130 verified InfoSec and IT leaders. Seventy-one percent of respondents reported working in the financial services industry, with 80% at the manager level and above. The study was conducted in January 2020 and has a margin of error of +/-8.6% at the 95% confidence level.

The key findings in “The State of XOps Report, Q2 2020 — Successful SecOps Teams Automate and Align” provide a revealing insight into why IT security operations teams are falling short too often and how they are working together to fix it. You can read The State of XOps Report five-page infographic here.

On the bright side, there is hope for the security of digital infrastructure and for the protection of the valuable business data that runs on it, but we need to work through some of our issues first.

The New Normal Mandates IT Does More with Less

Gartner predicts that “through 2020, 99% of vulnerabilities exploited will continue to be the ones known by security and IT professionals for at least one year.”

There is intense pressure on IT and security operations teams to do more with less while keeping the lights securely on. And no doubt both teams need more help, especially in a global economy dealing with a pandemic.

A recent 451 Research report reaffirms the struggle is more real than ever, revealing several acute impacts to IT organizations resulting from the global COVID-19 coronavirus outbreak. Specifically:

• IT hiring is mostly frozen and help is not coming anytime soon.
• Existing IT teams are struggling to be productive.
• The business is actually spending more on technology like hybrid cloud, security, and network to accommodate our new, more-digital reality.

You can read the 451 Research Digital Pulse report here. Bottom line, the only way to do more with less — including delivery of infrastructure security and compliance — is to get the most out of your teams by automating more work and facilitating better collaboration.

Agree…

There are two areas of undeniable alignment between InfoSec and IT professionals:

• Seventy percent of InfoSec and IT managers say their company sacrifices data security for faster innovation.
• Both InfoSec and IT managers reported that data protection should be prioritized over innovation, speed to market, and cost.

Survey respondents also estimated that a major data breach would cost their company $707,000, on average. However, even with these high financial stakes a rift between InfoSec and IT is apparent and persists despite the threat to business.

InfoSec managers point at a skills and talent shortage, followed by misconfigured infrastructure and unaddressed vulnerabilities. IT managers said the highest risk stems from unintentional employee leaks and endpoint attacks. The reality lies somewhere in between…

…to Disagree

An emerging SecOps mindset must apply some of the same principles proven out by DevOps best practices that have been established before. The State of XOps report findings indicate how close, or far, we are from getting there.

Despite the obvious benefits of improving team alignment, 54% of InfoSec leaders say they communicate effectively with IT professionals. However, only 45% of IT professionals agree. Collaboration and communication that is only effective half of the time is a dismal success rate but it also starts to explain a track record of wide-spread infrastructure vulnerability and data exploits.

Technology Impacts Team Effectiveness and InfoSec Outcomes

However, in companies where technology is used to help IT and InfoSec teams collaborate, managers are four times more likely to say their teams communicate effectively on important tasks than companies that don’t use such technology.

But more importantly, the data also revealed that organizations using software to help IT and InfoSec teams collaborate and align are three times more confident in the effectiveness of their information security efforts. While better collaboration is nice, it means nothing if infosec effectiveness doesn’t improve. This is the objective.

Correlated, the data suggests that companies that automate the work of infosec tasks are five times more likely to say their IT and InfoSec teams collaborate better.

Weren’t robots supposed to have all the tedious jobs by now?

Automated security operations eliminate the most tedious, dreaded security tasks as cited by both IT and InfoSec professionals. These are:

• Both IT and infosec pros agree that patch management is the most dreaded task.
• Infosec pros despise the work of vulnerability prioritization.
• IT pros hate compliance audits.

According to Forrester Research, “Today’s security initiatives are impossible to execute manually. As infrastructure-as-code, edge computing and internet-of-things solutions proliferate, organizations must leverage automation to protect their business technology strategies.”

What dev and ops teams did for agile tech innovation, security and ops teams need to do for real and continuous infrastructure security. The SecOps mantra must be to get integrated security operations teams to collaborate better and automate more. The objective is simple — build a truly secure fortress around digital business by creating consensus, fixing issues, and securing infrastructure.