Discover Performance

September 2012

Improve security with an Ops alliance

A partnership between Security and IT Ops is the first of four steps to greater security and reliability.

Maintaining a strong security posture is increasingly difficult for enterprises. Cloud solutions, mobile technology and the BYOD trend all make it harder to predict, identify and respond to threats. The increasing speed of business is similarly challenging for the Ops team. Both groups tend to work in parallel, their information and insights siloed. That’s going to have to change.

Faster and better decision-making is predicated on visibility into both the operational health of the organization and the levels of security and compliance risk. Inspired by DevOps principles, the SecOps movement seeks to remove information silos that prevent Ops and Security from collaboratively working to reduce business risk.

The name itself, SecOps, has drawn criticism and some confusion as advocates struggle to differentiate the concept from DevOps, the separate effort to remove silos between those delivering and maintaining applications—the Apps and Ops teams. Whatever name eventually sticks, this collaborative approach between Security and Operations can help businesses recover more quickly from threats and service outages, degraded application performance and slow networks.

Shared insights, better security

From the Ops perspective, collaboration with Security provides a means to tell when a hit to infrastructure performance is not just an application malfunction, but rather an attack. Having Ops teams able to raise that flag helps the security leader too, and enables the CISO to:

  • identify and resolve threats faster;
  • evaluate and prioritize threats better, thanks to greater severity context;
  • raise the business priority of identified issues;
  • reduce investigation of false positives; and
  • reduce cost through team collaboration.

A clearer view of risk

An example of effective Security/Ops collaboration: Pooling and correlating telemetry and log data from across the organization can provide relevant context to efforts at resolving mission-critical application downtime. The organization can now understand not just whether the cause is a security incident, but also the “big picture” threat to the business.

Framing a productive partnership

Breaking down information silos requires not just buy-in, but active participation from key stakeholders in Ops and Security. The process of moving toward greater operational intelligence has four basic steps.

Step 1. Establish a partnership. Have an initial discussion with the Ops team to express the advantages of collaboration, and to explore the potential of sharing data across your teams and collaborating regularly, especially during crisis intervention.

Step 2. Agree on objectives. To collectively decide how to focus the benefits of increased visibility, identify and prioritize services that you can improve through collaboration. Note that Ops’ and Security’s focuses don’t always align; this is the time to resolve conflicts and identify logical intersections of interest.

Step 3. Identify data for sharing. Which resources can be shared? How can you consolidate the relevant solutions, and where are there gaps, redundancies or other issues? Not all security data is appropriate to share, so identify exceptions.

Step 4. Set specific goals, including automation, and remove roadblocks. Now that you have a sharing plan, set out specific tasks to leverage collaboration as fully as possible. Remove barriers to success and find opportunities to automate processes. Specifically:

  • Retire redundant applications; when there is a technology conflict, standardize on one.
  • Decide how to remediate crises before they occur.
  • Define roles, responsibilities and workflows.
  • Create automated processes where appropriate to expedite workflows and eliminate human error.
  • Practice collaborative response regularly.

Raising the efficiency of security

Collaboration between Ops and Security doesn’t replace departmental specialization, which will continue to exist as it always has. Cooperation simply creates a data superstructure that lets these disparate teams resolve issues more quickly and leverage the advantages of a common analytics platform. 

For years, Security has operated largely as a separate domain within IT. Finally, best practices are emerging to help you transition from a quiet cost center to a full participant in the agility and efficiency of the business at large.

Find out how HP can help organizations operationalize collaboration efforts between Security and Ops with integrated tooling to view and organize aggregated domain data.

For more information about coordinating operations and security, read about HP’s BSM 9.1, integrated with ArcSight Logger for greater security visibility.



