IT Ops’ role in strengthening security and achieving compliance
It wouldn’t have been Cybersecurity Awareness Month without some spooky-themed blogs full of Fear, Uncertainty, and Doubt (FUD). Luckily, this isn’t that kind of blog, but what was true in October is still true today. I won’t tell you that you need to be afraid of bad actors infiltrating your security defenses and wreaking havoc in your infrastructure. Why? Because you are likely stressed enough already, don’t you think? Let’s talk about the problems (because those are very real) and outline solutions instead.
It’s time for action. The first way to combat hackers is to face your fears! Ignorance is not bliss when it comes to compliance and security. The second step is to stay educated so you can think of better ways to stay ahead of threats. The third step is to take action by controlling what you can, while collaborating with other internal departments such as the information security and risk management teams.
Are IT and Security pros still “frenemies”?
Security and IT operations departments have traditionally had a complicated relationship. IT Operations (ITOps) teams focus on monitoring and managing servers and systems, developing and enforcing infrastructure policies, patching the vulnerabilities that security throws over the wall, and overseeing upgrades and installations. Information security (InfoSec) teams focus on monitoring security access, conducting security assessments through vulnerability testing and risk analysis, performing both internal and external security audits, and analyzing security breaches to identify the underlying cause. Both teams have to constantly evolve and innovate to protect the organization, and competing priorities can cause friction.
But times they are a-changing! With cloud migration, hybrid and remote working due to the pandemic, and many other factors, these groups now truly depend on each other to protect the organization and keep it resilient against a cyberattack. But what role does ITOps play in protecting the infrastructure, and what challenges does it face in doing so?
What the data shows
A May 2020 Forrester Consulting study commissioned by VMware, How a Unified IT and Security Strategy Lays a Foundation for Success, presented data from “a global survey with 1,451 manager level and above respondents and interviewed eight CIOs and CISOs ... All respondents had responsibility and decision-making influence over security strategy.”
The study stated that “Companies ranked collaboration between IT and Security as their top goal for the next year. When security is viewed as a team sport, tasks can move to a shared responsibility model across teams.” The study also noted that “Consolidated IT and Security strategies lay a foundation for future success. To combat this tension, companies are implementing a more unified, consolidated IT management and security strategy.”
Notably, the Forrester study also shared that when respondents were asked their organization’s top priorities over the next 12 months, 55% said to “drive collaboration and alignment between security and IT teams.”
The role of IT Operations in Security and Compliance
At the center of your security posture is a full inventory of all your assets, and knowing them all (inside and out) is imperative. You need to understand the criticality of each asset so you can work with the security team and help calculate the risk of a breach. Not to mention, knowing your environment well will really help you when it comes time for an IT compliance or IT security audit.
The delta between ITOps and InfoSec is compliance, and compliance is achieved by reducing risk. If IT and Security teams work together to bridge the gap by adopting proactive risk management methods and moving away from constantly reactive approaches, they can accomplish shared business goals such as:
- Improving the security posture by shrinking the attack surface of the IT infrastructure, using automation and orchestration tools that keep the infrastructure in the desired state of compliance
- Treating compliance and security regulations as best practices, so that compliance is achieved consistently
- Remaining in an audit-ready state to demonstrate compliance to auditors and/or regulators
- Improving policy adherence by turning written regulations into policy as code
ITOps and Security should treat security and compliance as a “team sport” and share the accountability. Working together, they can have a huge impact on fortifying the security posture, ensuring business continuity, and protecting the organization’s trusted brand. It’s a win-win-win.
Combat dwell time by proactively shoring up your IT infrastructure
Dwell time is often referred to as the “breach detection gap,” and it is the amount of time between a system breach and the discovery of the attack. There’s always a shiny new technology that claims to best protect an organization from bad actors. But security and IT teams have learned that no one vendor or tool can protect or defend in full. A strong security posture is made up of several puzzle pieces, and completing the full picture requires the efficiency of automation and orchestration in both the security perimeter defenses and the IT infrastructure.
Alert fatigue is a real issue that security experts deal with. With so many alarms going off and so many false positives to weed through, critical alerts can slip through the cracks. The Ponemon Institute and IBM released the 2021 Cost of a Data Breach study on this. According to the report, “In 2021 it took an average of 212 days to identify a breach and an average 75 days to contain a breach, for a total lifecycle of 287 days.” That’s a long time in which bad actors may be lurking in your infrastructure undetected, looking for low-hanging fruit to exploit.
It is crucial to proactively combat dwell time. The dwell time calculation is critical in determining the potential impact an organization may feel from a cyberattack. Hardening your IT infrastructure is essential to reducing your cyber risk. The Center for Internet Security (CIS) offers guidance in the form of benchmarks or best practices for the secure configuration of a target system.
Automate and enforce policy as code with Puppet Comply
Puppet Comply enables continuous compliance across hybrid infrastructure while removing overhead and manual work. It provides a holistic view of compliance status across cloud and on-prem environments, generates reports that make it easy to prove systems remain in check, and enforces policy as code with expert-built content and modules configured for your environment. Organizations can leverage turnkey Compliance Enforcement Modules, policy as code aligned to the CIS Benchmarks, a set of guidelines for secure system configuration from the Center for Internet Security (CIS). Developed by a community of cybersecurity experts, the CIS Benchmarks are widely adopted by organizations worldwide and serve as a baseline for many common regulatory requirements, including PCI, NIST, FISMA, HIPAA, GDPR and ISO/IEC 27001.
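To make “policy as code aligned to the CIS Benchmarks” concrete, here is an added illustration (not Puppet Comply’s own Compliance Enforcement Module content) of a hypothetical Puppet class that expresses two CIS Benchmark-style hardening controls as declarative resources; the class name and the `sshd` service name (RHEL-family naming) are assumptions.

```puppet
# Hypothetical example of policy as code, added for illustration.
# Each resource states the desired state of one hardening control;
# the Puppet agent reports drift from it and, unless run with --noop,
# corrects it on every run.
class profile::cis_baseline {

  # Control in the style of the CIS benchmark item "Ensure permissions
  # on /etc/passwd are configured": root-owned and not world-writable.
  file { '/etc/passwd':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
  }

  # Control in the style of "Ensure SSH root login is disabled".
  # augeas edits only this directive and leaves the rest of the file
  # as the administrator configured it.
  augeas { 'sshd_permit_root_login':
    context => '/files/etc/ssh/sshd_config',
    changes => 'set PermitRootLogin no',
    notify  => Service['sshd'],
  }

  # The daemon must be running and enabled at boot; the notify above
  # restarts it only when the configuration actually changed.
  service { 'sshd':
    ensure => running,
    enable => true,
  }
}
```

Running the agent with `puppet agent --test --noop` reports every resource that has drifted from this policy without changing anything, which is the audit-ready evidence described above; dropping `--noop` turns the same code into enforcement.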
Completing the Puzzle
IT Operations professionals now have an amazing opportunity to move from a reactive approach, responding to mandates from the security organization or even the C-level, to a proactive partnership. IT teams can take the initiative and become part of this proactive strategy by collaborating with security teams. Not to mention, this collaboration can open up budget-sharing opportunities for IT initiatives such as automated drift management, since such technology makes these teams not only more productive but also more secure.
- Understand the real value of continuous compliance.
- Learn what to expect when you’re expecting an audit.
- Learn how to foster a culture of joint accountability for compliance across your organization.