The Role of Ops in IT Operations Security

We don't need to remind you that you need to be afraid of bad actors infiltrating your security defenses and wreaking havoc in your infrastructure. Why? Because you are likely stressed enough already. Don’t you think? Let’s talk about problems (because those are very real) and outline solutions instead.

What is IT Operations Security?

IT operations security (sometimes called SecOps) describes the efforts of IT operations and IT security teams working together to protect data and secure against cybersecurity threats. 

It’s time for action. The first way to combat hackers is to face your fears! Ignorance is not bliss when it comes to compliance and security. The second step is to stay educated to try to think of better ways to stay ahead of threats. The third step is to take action by controlling what you can, while collaborating with various departments internally such as information security and risk management teams.

Is IT Security Part of IT Operations?

IT operations and IT security both play a role in IT operations security. InfoSec teams monitor and audit security, while IT ops manage systems with policies and patches that enforce security standards. Both are essential to strong IT security.

Security and IT operations departments have a codependent – but not always simple – relationship to one another. Both teams have to constantly evolve and innovate to protect the organization. Their competing priorities and shared resources can cause friction between IT ops and InfoSec teams.

IT operations (IT ops) teams are focused on monitoring and managing IT servers and systems, developing infrastructure policies and enforcing them, patching vulnerabilities that security throws over the wall, overseeing upgrades and installation, and other operational strategies and tasks.

Information security (InfoSec) teams focus on things such as monitoring security access, conducting security assessments through vulnerability testing and risk analysis, performing both internal and external security audits, and analyzing security breaches to identify the underlying cause.

How DevOps and Security Can Actually Help Each Other

The referenced media source is missing and needs to be re-embedded.

DevOps unlocks agility in software development, which sometimes puts it at odds with good security practices. But it doesn't have to be that way. Download the free ebook to learn more.

GET EBOOK

The truth is that IT operations and security teams are truly dependent on each other. They rely on each other's responsibilities and strengths too successfully protect an enterprise's IT and ensure its resiliency against a cyber attack (especially with the rise of cloud migration, hybrid cloud ops, and remote work).

But if security isn't a primary responsibility of IT ops, how does IT ops play a role in protecting the infrastructure? What challenges do they face in doing so?

What Data Shows About IT Operations Security

A May 2020 Forrester Consulting study commissioned by VMware, How a Unified IT and Security Strategy Lays a Foundation for Success, presented data from “a global survey with 1,451 manager level and above respondents and interviewed eight CIOs and CISOs ... All respondents had responsibility and decision-making influence over security strategy.”

The study stated that “Companies ranked collaboration between IT and Security as their top goal for the next year. When security is viewed as a team sport, tasks can move to a shared responsibility model across teams.” The study also noted that “Consolidated IT and Security strategies lay a foundation for future success. To combat this tension, companies are implementing a more unified, consolidated IT management and security strategy.”

Notably, the Forrester study also shared that when respondents were asked their organization’s top priorities over the next 12 months, 55% said to “drive collaboration and alignment between security and IT teams.”

IT Operations Ensures Compliance, Which Helps Security

At the center of your security posture is a full inventory of all your assets, and knowing them all (inside and out) is imperative. You need to understand the criticality of each asset so you can work with the security team and help calculate the risk of a breach. Not to mention, knowing your environment well will really help you when it comes time for an IT compliance or IT security audit.

How IT Ops Can Help Ensure Compliance (Without Taking On More Work)

Click the image below to watch a webinar on how IT ops can help ensure compliance, or click the button below it to bookmark the webinar for later.

The referenced media source is missing and needs to be re-embedded.

WATCH LATER

The delta between IT ops and InfoSec is compliance, and compliance is achieved by reducing risk. If IT and Security teams can work together to help to bridge the gap by considering proactive risk management methods and moving away from constant reactive approaches, they can accomplish their business goals together such as:

• Improving the security posture by shrinking the attack surface within the IT infrastructure by implementing automation and orchestration tools that keep the infrastructure in the desired state of compliance
• Leveraging compliance and security regulations as best practices to achieve compliance consistently
• Remain in an audit-ready state to demonstrate compliance to auditors and/or regulators
• Improve policy adherence by turning written regulations into policy-as-code

By collaborating together, IT ops and Security should view security and compliance as a “team sport” and share the accountability. Together, they can make a huge impact by fortifying the security posture, ensuring business continuity, and protecting the organization’s trusted brand. It’s a win-win-win.

IT Operations Security Examples: How IT Ops + InfoSec Can Work Together

The relationship between IT ops and InfoSec doesn't have to be characterized by tossing stuff over the wall and hoping it turns out. Here are a few key opportunities for collaboration between teams that can ensure IT operations security across an organization.

Combat Dwell Time by Proactively Shoring Up Your IT Infrastructure

In cybersecurity, dwell time is the amount of time between when a system breach occurs and when someone in the victim organization notices. The longer the dwell time, the more time an attacker has to damage the system or steal sensitive information. Dwell time is also referred to as the breach detection gap.

The Ponemon Institute recently released a study on the Cost of a Data Breach with IBM in 2021 on this. According to the report, “In 2021 it took an average of 212 days to identify a breach and an average 75 days to contain a breach, for a total lifecycle of 287 days.” That’s a long time in which bad actors may be lurking in your infrastructure undetected, looking for the low-hanging fruit to exploit.

It is crucial to proactively combat dwell time. IT operations can be critical for shrinking the breach detection gap, because hardening your systems and infrastructure is essential to reducing your risk. The Center for Internet Security (CIS) offers guidance in the form of benchmarks or best practices for the secure configuration of a target system.

Alert fatigue is a real issue that security experts deal with. With so many alarms going off and trying to weed through false positives, some critical alerts could slip through the cracks.

There’s always a shiny new technology that claims to solve these problems and protect an organization from bad actors. But security and IT teams have learned that no one vendor or tool can protect or defend in full. A strong security posture is really made up of several puzzle pieces that are imperative to complete the full picture with the efficiency of automation and orchestration in both security perimeter defenses and the IT infrastructure.

Automate and Enforce Policy as Code 

IT operations and infrastructure teams also enforce policy as code (PaC), which ensures secure, compliant, repeatable configurations across infrastructure.

Puppet enables continuous compliance across hybrid infrastructure while removing overhead and manual work. It provides a holistic view of compliance status throughout cloud and on-prem environments, generates reports to easily prove that systems remain in check, and enforces policy as code with expert-built content and modules configured to your environment.

Organizations can leverage Compliance Enforcement, which leverages Puppet policy as code aligned to CIS Benchmarks and DISA STIGs. Developed by a community of cybersecurity experts, CIS Benchmarks are widely adopted by organizations worldwide and serve as a baseline for many common regulatory requirements, including PCI, NIST and FISMA, HIPAA, GDPR, ISO/IEC 27001.

Completing the IT Operations Security Puzzle

IT operations professionals now have an amazing opportunity to move from a reactive approach to mandates from the security organization or even C-levels to a proactive partnership. IT teams can take the initiative to become part of this proactive strategy by collaborating with security teams.

Not to mention, this collaboration can open up potential budget sharing opportunities to drive IT initiatives such as implementing automated drift management technology because it not only helps these teams be more productive but also more secure.

More Compliance and Security Resources

• Learn what to expect when you’re expecting an audit.
• Learn how Puppet supports compliance with the Australia Cyber Security Centre's Essential Eight.
• How to manage your unused modules with Dropsonde.
• How Puppet is securing against command injection vulnerabilities.
• Learn how to foster a culture of joint accountability for compliance across your organization.

Security Needs? Puppet Can Help