Better Together: Why It's Time for Ops and Security to Converge
Threat actors are becoming only more sophisticated and determined.
Current approaches to managing operations and security made sense at the time they were established, pre-cloud and pre-digital transformation. Now, with networked multicloud environments, both digital operations and security are far more complex. And even in the digital world, people and teams want to protect their turf. According to IBM's most recent cyber-resilience report, the top three reasons why cyber resiliency has not improved are:
Inability to reduce silo and turf issues
Fragmented IT and security infrastructure
Lack of visibility into applications and data assets
These are all operational issues.
Operations has been fragmented, with responsibilities scattered across lines of business, including IT, finance, sales and marketing, DevOps, and SecOps. Chief information officers (CIOs) scramble to make sure information is available to those who need it while trying to stay compliant with business and data policies. Meanwhile, chief information security officers (CISOs) focus on protecting assets and data from loss and threats across the entire business. All organizations face a daily flood of data across the multitude of tools and systems they rely on to run their businesses — and yet that data is siloed too.
At the same time, threat actors are increasingly sophisticated and determined. Ransomware is practically a legitimate business — perpetrators have "customer" help desks and arrange payment terms for their victims. Adding tools and people to address security doesn't scale and can no longer solve operational and security issues effectively. The status quo of siloed operations is just not sustainable.
According to IBM's research, the average midsize enterprise runs more than 45 security tools — and that's not to mention those for monitoring applications, the network, and cloud operations. Most are designed for a unique function, which they may do exceedingly well. But together, they can become a management nightmare or be ignored, which is a shame, since their data is valuable. It doesn't make sense to have so many tools yet limit the data you ingest — and you also need that data over time to discover potential issues before damage occurs.
Security and Operations Must Join Forces
It's time to think differently about approaching both operational integrity and security. Start by considering what ops and security organizations have in common:
Availability: Ops is responsible for ensuring business systems and information are available to all who need access. Security teams are responsible for ensuring the right data is available to the right people at the right times on the right devices.
Risk: The ops view of risk focuses on keeping everything up and running to avoid downtime and poor performance that kill business productivity and efficiency. Security organizations view risk in terms of data loss, manipulation, and damage to the business.
What if digital operations and security shifted from operating separately — working in silos, managing a lot of tools, duplicating efforts — to working together on a shared data and analytics platform? And what if that platform made them more effective at delivering on their common objectives of providing availability across infrastructure and assets while reducing risk?
Digital ops and security share a common goal of keeping the business operating securely at optimal capacity. To succeed in this shared mission, you need to create a cohesive "digital + security" approach, supported by a team that collaborates and optimizes the resources at hand — both human and machine.
Security and Operations Need a Common Operational Picture
For many companies, the cost of running operations takes a disproportionate share of budgets, leaving less to spend on innovation and growth. And it's not helping reduce risk (of downtime or breaches). The only solution is to accelerate digital transformation by shifting focus from worrying about risk to preventing it. And the only way to do that is to converge all your operations and security data into a common platform.
Merging ops and security with an information-sharing platform enables fully secured, reliable, and convenient enterprise operations.
By ingesting and analyzing all your operational and security data, you can ultimately derive a common operational picture (COP). From there, you need to connect the dots across ops and security data to gain the context and intelligence necessary to successfully manage risk. Applying advanced analytics and machine learning, organizations can then identify pre-incident situations, rank them by business risk, and correlate them with sufficient context for proactive resolution.
Ops and security can 100% work together. By doing so, CISOs and CIOs gain insights and can prove damage avoided — which means they can show "goals saved" and quantify value.