How to End the War Between Information Security and IT Operations
Puppet sponsored this post.
Traditionally, organizations have maintained a division of both duties and personnel between IT operations and information security. The unfortunate end result has been that differences in methodology and focus between IT ops and security lead to a lack of collaboration. While IT operations focus on making information available by maintaining and improving virtual and physical infrastructure, it can often seem like security teams work to obscure information and reduce availability through strict access controls and policies.
These different approaches lead to different processes, creating significant issues in organizations when it comes to remediating vulnerabilities and addressing compliance. In addition, this situation increases misunderstandings, making progress slow, inefficient and expensive.
Because of the breakneck pace at which vulnerabilities can be exposed and exploited, security teams are required to use sophisticated tools to scan, test and audit networks, systems and services. However, most IT operations teams still use many manual processes.
This gap between detection speed and remediation methods slows down vulnerability remediation, putting the entire infrastructure at risk of external attacks.
Why Do We Need to Address These Gaps in Understanding?
There are more vulnerabilities being exposed than ever before. In 2018, the number of new vulnerabilities increased by 23% compared to 2017 and by 162% compared to 2016. In order to keep infrastructure safe and secure, IT operations and security teams must align their efforts to track vulnerabilities, detect them and remediate when needed.
What Are the Barriers to Cooperation?
Before attempting to break down the barriers that keep IT operations and security in separate silos, let’s take a closer look at some of the barriers so we can gain a better understanding.
The most significant barrier is caused by the difference in automation tools used by IT and security. As previously mentioned, security tools scan and probe the infrastructure, detecting vulnerabilities and alerting automatically.
However, when remediation is needed, IT is stuck doing the work manually. Manual tasks are slow, error-prone and exhausting. Remediation done this way can consume up to 320 person-hours per week per enterprise. It can be soul-crushing work.
Another barrier is a diversity of systems and environments, such as different operating systems or different cloud providers. Since security teams may not be involved in the IT expansion planning process, unchecked or unexpected diversity adds to the complexity of both vulnerability detection and remediation.
As infrastructure expands and grows, IT teams that lack automated asset discovery can quickly lose track of crucial services and resources. This not only slows down the detection of vulnerabilities but can stall or even hinder their remediation.
Many of these barriers are exacerbated by another key barrier: poor communication. Teams fail to share tools, techniques and standards effectively. Without strong communication between IT operations and security, neither will understand critical processes and procedures for which the other is responsible. This poor communication keeps different teams from understanding essential requirements and, at times, from realizing the urgency of vulnerability remediation.
Without automation helping them along, IT operations can struggle to keep up with the pace of reporting from security. This final issue just adds to the collection of barriers that prevent IT and security from working in tandem. With these barriers in place, critical vulnerabilities will not get remediated in time.
Breaking Down Barriers
All of these barriers can understandably cause friction between security and IT operations. IT might feel like unreasonable numbers of demands and remediation tickets are foisted upon them by security, while security may misinterpret the slow pace of manual remediation as an unwillingness to cooperate. Better communication can solve this problem by building empathy between IT operations and security.
More communication can cultivate the understanding that security needs to be embedded in IT infrastructure management from the start. This will help IT understand that security is not a “one and done” task — it needs to be a continuous process. Security, on the other hand, can learn and understand how IT barriers prevent them from having the complete knowledge of infrastructure needed for rapid remediation.
Communication will naturally lead to more sharing of data, methods and tools. This will lead to automation tools being used not just for remediation, but for asset discovery. A deeper knowledge of the network and infrastructure will lead to faster remediation and a more secure IT ecosystem.
How to Get Started
If you start with small projects to implement the first steps of automation and improve collaboration between IT operations and security teams, it will help build workflows that work for both teams. This keeps their efforts synchronized and improves collaboration.
Good examples of small projects are simple remediation tasks that can be transformed from manual processes into automated scripts. Simple tasks could involve correcting firewall configurations, patching vulnerable services, or even installing intrusion detection tools. With IT operations and security working together, these remediation scripts can be tied to automated vulnerability detection so issues can be fixed as they are found, immediately and automatically.
When your teams automate one simple task, for example, they don’t have to worry about it the next day. As automation frees up more and more time, it becomes a core part of security and IT culture.
Once teams begin communicating better, they will be ready to simplify handovers by sharing data and tools. Collaboration encourages the use of automation to remove manual processes during handovers. By employing increasing levels of automation, teams will continually improve cooperation and the remediation process. As improvements continue, remediation becomes faster, and familiarity with automation will enable IT operations to reduce the number of vulnerabilities encountered in your infrastructure as it grows and evolves.
Many teams are already using automated tools to manage configuration, which means that adopting more automation for vulnerability detection and remediation won’t be a difficult challenge. Check out this container security piece for more context around how this can change for modern cloud native workflows like containers. Also see how Puppet is helping IT Ops and InfoSec better bridge expectations, understanding and workflow with new product innovations.