Security breaches continue to be on the rise and it’s costing businesses in a big way. Last year alone, we saw several massive breaches; including Target, Home Depot and UPS, indicating that IT security is still a huge problem for organizations. In today’s ever evolving threat landscape, most of these breaches occur due to known vulnerabilities, with patches that are often available the day they are discovered – or soon after. So how is it that IT defenses are still being breached despite having security processes in place?
Part of the problem is purely organizational. There are two primary groups involved in delivering on the goal of security and compliance - the IT security team, and the IT operations team, collectively known as SecOps. SecOps have traditionally been considered separate functions, often making it more difficult to quickly identify and respond to potential vulnerabilities. Given the steady stream of high-profile breaches, coupled with larger, more complex IT environments, new regulatory standards and rising penalties for non-compliance, it’s critical that these two functions collaborate in order to accelerate remediation efforts and ensure the security and compliance of the organization.
Who’s Responsible for What?
The model for how these two teams are meant to function is pretty straightforward. The security team is ultimately responsible for defining the policies and strategies for identifying and remediating vulnerabilities within their networks. The IT operations team is responsible for keeping critical business systems available and performing to the required levels and meeting corporate and regulatory requirements. Seems simple, right? Not exactly.
The reality of how these teams collaborate is much more challenging and can seem like the ultimate domino effect. Several factors contribute to this including:
- Tasks are performed manually - Many SecOps teams use siloed tools to perform infrequent manual audits to assess security and compliance issues, then remediate the issues by hand. This can be a slow, error-filled process. With environments constantly changing.
- Integration is non-existent – The use of siloed tools means security and operations aren’t sharing or integrating data across teams and other departments, further segmenting the functions of these teams. It’s important from a security standpoint that both teams understand risk posture and accumulate the information in a digestible way and streamline reporting across the IT organization from the CSO to the CIO to the VP of Infrastructure – and the list goes on.
Closing the Gap
Closing the gap will require a number of components starting with people, technology and process. There has to be a fundamental shift in thinking about how organizations efficiently achieve risk, governance and compliance. In addition, there has to be an understanding of the roles, challenges and goals of both the security and IT operations teams in order to change.
Regarding “change,” it’s inevitable that unforeseen things such as new technologies and vulnerabilities are going to happen. It’s important to be flexible in order to efficiently address potentials threats. Sharing data collaboratively with shared tools will help. Lastly, consider deploying an integrated intelligence solution that continuously automates compliance tasks to lower the cost of auditing and compliance, reduce risk and enable efficient collaboration between security compliance and operations teams.
And of most importance, teamwork must be put front and center in your organization. The security and operations teams must develop and learn to speak a similar language, appreciate each other’s organizational responsibilities, and find a shared set of goals and metrics to hold each other accountable and measure success.
At Regis University, you will learn to not only identify and fix the technical issues impacting your organization’s risk posture, but also identify and reduce the organizational friction that can be, in my opinion, the leading cause of most breaches. At Regis, students learn to work in teams, master their communication skills and executive presence, and develop information security governance models that minimize organizational friction and ultimately deliver quicker and more cost effective risk reduction.
Want to learn more about Regis University’s information assurance program? Contact an admissions counselor by requesting more information or calling 877-820-0581.