The Secops Gap: How It’s Threatening Security And What To Do About It

Every day, consumers and businesses alike share and expose more of themselves online. For hackers, the lure of this data and associated potential payday from exploiting it is often far too compelling to ignore.

Cyberattacks in organizations continue to make headlines with startling frequency and devastating consequences. As a result, they’re bringing the topic of security to the boardroom – prompting business leaders to more closely consider how to protect their companies and customers, while still offering the access and capabilities demanded in the digital age.

While innovation and digital transformation remain a key focus, without the right security operations procedures in place an organization could be a ticking time bomb. Growing complexity of environments coupled with never-ending demands for innovation and improvements have left many Security and Operations (SecOps) teams in a position where they can’t scale, leaving key stakeholders disappointed and hackers delighted.

So how can organizations overcome these challenges and drive efficient and effective security practices?

The first step is to acknowledge or discover where the biggest problems are for your organization.

The good news is that more often than not patches are available for vulnerabilities either at the time they are announced or shortly after. The bad news is that according to a WhiteHat Security report, it takes 193 days to resolve a known vulnerability. Consider that for a moment: even when we know the answer to the problem, it’s taking over half a year to fix the problem. If the problem is public, hackers know about it too and they will not hesitate to exploit the opportunity.

The National Security Agency reported that 80 percent of cyberattacks come from vulnerabilities that are known but left unpatched. Of those attacks, almost all of the exploits were compromised more than one year after the fix was published. In some cases, the vulnerabilities were up to seven years old.

Why is this happening? Why are we allowing ourselves to be easy targets?

There are some complications, the greatest being the “SecOps Gap.” The SecOps Gap refers to a critical breakdown in collaboration between the Security and Operations teams, who struggle with a lack of understanding of each other’s requirements, conflicting priorities, and lack of visibility into one another’s plans, exposing the organization to unnecessary security and compliance risks.

Security teams often believe they are responsible for simply running scans, identifying and reporting vulnerabilities and then handing them to the Operations team to fix. However, the Operations team is held accountable for uptime and stability, and to them, suggested changes in a security report could pose risks to business objectives. The result: vulnerabilities are unnecessarily left open.

In a recent BMC and Forbes Insights report, it was noted that 60 percent of executives believed that operations did not understand the requirements of security, and vice versa. These two teams, who regularly feed information to each other in order to shutdown known threats, actually do not understand each other at all – nor are they aligned on goals.

One of the worst manifestations of this is the lack of visibility to actionable threat information – meaning Security is not communicating to Operations which threats are most severe or most pervasive, and therefore should be prioritized. This is further compounded by restrictions posed by manual processes. In short, keeping large organizations secure against cyber criminals has never been tougher.

An organization’s security arsenal is determined by the combined strength of its Security and Operations teams, their united front fundamental to planning for and identifying risks before they arise, and then removing them. To help close the SecOps gap, organizations must maintain a posture of being audit-ready at all times, which includes adherence to three core mitigation strategies to prevent targeted attempts to hack into systems:

  • Vigilant Compliance: Organizations need to be audit (compliance & regulatory) ready at all times, and these audits need to be quick. Compliance can be the first line of defense if adhered to – protecting the organization from both internal and external foes.
  • Precise Threat Analysis: An effective security strategy requires the ability to see what is in the network, what is on it (or not on it), what business services it supports. Then assess its potential impact and fix the most important things first.
  • Relentless Remediation: Organizations also need precise, automated threat analysis and remediation. There should be a regular cadence with a measured approach to assessing risks and benefits. Relentlessly pursuing vulnerabilities will help strengthen the organization’s security posture and make it harder for hackers to get in “the easy way.”

So how can organizations go from it taking 193 days to remediate vulnerabilities to a state of continuous compliance and rapid remediation? Automation. There is a common saying among IT professionals that if you do the same thing twice the system is laughing at you. The fundamentals of IT are to provide a seamless and efficient way to conduct business actions, streamlining processes and removing redundant or monotonous manual processes – and that extends to security and compliance processes as well.

Threats to the enterprise won’t go away but they can be reduced and controlled with technology and a comprehensive game plan for accelerating execution, generating a holistic view of vulnerabilities, and strengthening controls to facilitate an organization’s ability to drive positive outcomes.

Whether viewed from a security, operational or compliance perspective, SecOps alignment is essential to ensuring modern organizations perform at levels required in today’s competitive marketplace. Along with the challenges that SecOps represents, it also provides an important opportunity for the two teams to set aside the conflict and work towards a single goal of keeping the organization’s operations secure. They can achieve individual goals and improve the overall success of their business by closing this unnecessary SecOps Gap.

About Bill Berutti
Bill BeruttiBill Berutti is the president of the Performance & Availability product line and president of the Cloud Management / Data Center Automation product line for BMC Software, Inc. Berutti joined BMC in April 2014 and has led a business and innovation strategy focused on performance analytics, hybrid cloud management and security operations which has delivered significant customer value and double-digit new business growth.

Prior to joining BMC, Berutti was at PTC where he was executive vice president and general manager of Service Lifecycle Management, the company’s fastest growing business unit. As general manager of SLM, Berutti doubled the size of the business over two years through both organic and acquired growth. His 17-year career at PTC also included senior leadership roles in general management, corporate development, marketing, product management and sales. Berutti began his career at Wallace Computer Services where he was a successful sales leader.

Berutti holds a bachelor of science in business administration from Miami University in Oxford, Ohio, and he is a graduate of Harvard Business School’s Finance for Senior Executives program. He served as a board member of City Year Boston from 2003 to 2012, and he is an alumni volunteer for Miami University.

In this article