SecOps and the Integration of Security
According to the 2020 VMWare Cybersecurity Outlook Report, 49% of IT and security respondents report their teams being understaffed. Security respondents in particular report understaffing of 48% on average. At a time when business email compromise attacks, malware attacks, insider threats and ransomware are causing increased disruption to business, organizations must remove communications barriers and integrate security roles to combat the understaffing. Based on data from IBM’s threat intelligence index, we know today’s cyber threats against businesses in the US are led by Nation-states. And the industries most targeted are financial services, healthcare, transportation and manufacturing. When security teams are understaffed and our key industries are facing rising threats from well financed and determined bad actors, we need to look at new methods of organically integrating security throughout the whole organization. Enter SecOps
What is SecOps?
SecOps is a methodology for creating a collaboration between security and operations teams to ensure the necessary tools, processes and technology are in place to keep an enterprise secure while also improving its ability to deliver. Through SecOps, security considerations are integrated into business development and operations functions every step of the way beginning from inception. You can think of SecOps as an alignment of priorities within an organization. The result is integrated security and operations teams who previously may have had separate goals of securing assets and streamlining business functions. These goals can quickly be at odds as organizations struggle to balance the need to harden systems yet remain open and accessible to internal staff, customers and vendors.
In a traditional model, before cyberattacks were a daily concern, an IT team would implement a new system or service based on the operational needs of the organization and the security team would be left with the task of assuring the implementation is as secure as possible. In a SecOps methodology, security considerations are invoked from the beginning and help to drive the decisions around the implementation. The security team brings greater visibility to the table on vendor selection and system accessibility decisions based on insights gathered from current threat assessments across the organization. By integrating SecOps into the process from the beginning, the process is streamlined, more efficient and results in a more robust security implementation overall. Tools and technologies are joined together across the organization resulting in strong endpoint protection and optimal IT hygiene.
When security considerations are integrated organization-wide through SecOps, implementing security policies becomes proactive instead of reactive. As the treat landscape can change on a daily basis, this proactive approach gives an organization a distinct advantage when striving to stay ahead of the threat curve. Issues can be identified and resolved much faster and more precisely reducing downtime. Moving from security as an afterthought to security as a core driver of business decisions improves the integrity of overall business systems and hardens defenses.
Whether your IT team is facing staffing shortages or not, integrating security goals throughout your entire organization can help reduce budgets through better planning and response.