Cyber Security
Closing the SecOps gap How to harden IT security against hackers and vulnerabilities
I By By David Carless Automation and Cloud Specialist, BMC Software Australia
10 | Chief IT Magazine
n 2015, headlines were rife with reports of cyberattacks stealing everything from government secrets to children’s birthdays. In 2016, the issue continues to generate story after story, so it’s no surprise security is now the number one priority in every boardroom around the globe. As constant change and the path to digital transformation continues at a rapid pace, it opens the door for hackers and exposes old latent vulnerabilities. The two parties inside organisations charged with protecting an organisation’s security and closing these doors are themselves facing a communication breakdown that’s only deepening the problem. Overlooked by many business leaders, it’s the widening gap between IT operations and security teams that is becoming ever critical in the age of the digital enterprise. BMC Software and Forbes Insights recently surveyed several hundred global executives to get their perspective on their organisation’s overall security health and find out what issues are critical to address. The results revealed the need for a clear framework that organisations can implement and follow to build their strategy for improved security and compliance. Startlingly, the survey showed that 97 per cent of executives expect an increase in breach attempts in the next 12 months, and 44 per cent of executives say breaches occur even when vulnerabilities and remediation techniques are already identified. These two statistics paint a sobering image – almost half of data breaches could have been prevented.
With the threat of attacks on the rise, what causes unimplemented remediation plans to sit on the shelf ? It’s a bit of a list: the lack of visibility between security and IT operations groups, the lack of automation and competing priorities all contribute to the issue, and on average, the time it takes to fix a security vulnerability is a staggering 193 days. This research confirmed what we had heard anecdotally - that security teams are doing everything they can to keep their organisations secure, while the IT operations teams continue to try to do more with less, and keep the business running in the face of constant change. The two organisations, central to the identification and implementation of security countermeasures, are disconnected though in every meaningful way - priorities, processes, requirements, tools, and vocabulary. While vulnerabilities are being discovered, the operations team doesn’t understand the context of these vulnerabilities, and they either fail to prioritise them, or worse, ignore them all together. These factors combine to create the ‘SecOps Gap’. With 60 percent of survey respondents stating IT operations and security teams have only a general understanding of each other’s requirements, it’s clear the SecOps Gap needs to be quickly acknowledged and addressed. To do so, companies must focus on three critical elements to ensure their security and operations teams are aligned on objectives, and share accountability for the security and