It's not hard to argue that technological innovations have enabled businesses to streamline activities and improve efficiencies. But those same innovations, at the pace they are being adopted, create additional work for security teams. Security departments struggle to balance the amount of work they have to do without any additional resources, under increasing scrutiny as the impact of cyberthreats to the business increases.
Security is really a risk function. To do it well, the security organization must collaborate with the business. Too often, however, teams strain to do this effectively while managing other priorities, giving rise to a problem I like to refer to as a different kind of "SaaS": security as a silo.
When organizations have security silos, friction and miscommunication get in the way of teams accomplishing their goals. In many ways, security is no different than other teams that struggle with data silos. There is, however, a select group of security organizations that have figured out how to use collaboration and specific technologies to their advantage. As a result, they have found a way to increase productivity, efficiency and effectiveness between people and processes. But to understand how an organization can bust security silos, let's look at how DevOps came to be.
DevOps, an origin story
It's hard to remember a time when software development and IT operations were siloed themselves, when developers were responsible solely for building software and IT ops teams deployed and operated it. This boundary was not crossed.
This created a crisis of efficiency. Tools weren't connected, teams barely communicated and deployments involved repetitive, manual handoffs to deliver the product reliably. As a result, teams on both sides experienced more backlogs as the delivery process bogged down their ability to work on core features. At a time when teams were expected to build fast, and deliver even faster, they couldn't keep up when each incremental update involved these time-consuming handoffs.
As you can imagine, this Waterfall model of software development and delivery was neither time-effective nor cost-effective. Teams needed to find a way to work together. Workflows had to be put in place, and tools needed to be connected for smoother delivery. This concept paved the way for technologies that supported true orchestration and automation, which in turn led to the birth of DevOps. With the goal of unifying the process of building, deploying and delivering software, DevOps changed everything.
Security threats are growing exponentially
To start, security teams are bombarded with an overwhelming number of alerts -- false positives and real threats. There are so many that there aren't enough hours in the day or people on the team to actively investigate them all. Not only that, security teams need to frequently rely on other organization partners to help investigate alerts and fix problems.
Many investigatory tasks are manual and repetitive. Because tools are unconnected, teams jump from system to system, copying and pasting info from one to the next, or they manually chase information from peers elsewhere in the company. This is hard, time-consuming and error-prone work. And let's not forget that good security talent is scarce and expensive.
We also need to acknowledge that the threat landscape is growing exponentially, and bad actors are more creative than ever. As a result, it's increasingly difficult for defenders in security silos to keep up, let alone get ahead of these threats. To put it bluntly, security is reaching an inflection point. And just as orchestration and automation tools changed software development and IT operations, they will change how security operations (SecOps) functions.
Security orchestration and automation can unite DevOps teams
It's time to start investing in technologies and methodologies that will enhance our tools, processes and people. We know that orchestration and automation technologies were crucial for DevOps to succeed. Why not bring these same concepts to SecOps?
Security orchestration breaks security silos by uniting disparate systems and tools, while also clearing the way for machine-to-machine security automation. Humans are great at deriving context from data, while machines are great at handling a series of repetitive tasks. Why not offload repetitive tasks to machines, and allow humans to focus on data analysis? In certain scenarios, a human may not even need to be involved if the process is well-defined enough.
Automation can also enable the smooth communication between teams that is needed to address risks jointly.
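As an added illustration of the division of labor described above (not code from the original article), the following constructed Python playbook gathers context from several stand-in tools in one place, auto-handles only the well-defined cases, and routes everything else to an analyst with the enrichment already attached. The tool lookups, indicator values and alerts are all constructed placeholders, not real data.

```python
"""Minimal SOAR-style triage playbook (constructed example).

Orchestration: one function pulls context from several 'tools'.
Automation: well-defined rules close or route alerts without copy-paste.
"""
from dataclasses import dataclass, field

# Constructed stand-ins for tools an analyst would otherwise query by hand.
THREAT_INTEL = {"203.0.113.7": "malicious", "198.51.100.2": "benign"}
ASSET_INVENTORY = {"db-01": "critical", "kiosk-04": "low"}
KNOWN_SCANNERS = {"198.51.100.2"}  # hypothetical approved vuln scanner

@dataclass
class Alert:
    alert_id: str
    host: str
    src_ip: str
    rule: str
    context: dict = field(default_factory=dict)

def enrich(alert: Alert) -> Alert:
    """Orchestration step: gather context from each tool once, centrally."""
    alert.context["reputation"] = THREAT_INTEL.get(alert.src_ip, "unknown")
    alert.context["criticality"] = ASSET_INVENTORY.get(alert.host, "unknown")
    alert.context["approved_scanner"] = alert.src_ip in KNOWN_SCANNERS
    return alert

def decide(alert: Alert) -> tuple[str, str]:
    """Automation step: apply well-defined rules; return (action, reason).

    Only the clear-cut cases are handled by the machine; anything else is
    handed to a human with the enrichment already attached.
    """
    c = alert.context
    if c["approved_scanner"] and c["reputation"] != "malicious":
        return "auto-close", "traffic from approved scanner"
    if c["reputation"] == "malicious" and c["criticality"] == "critical":
        return "escalate-p1", "known-bad source hitting critical asset"
    return "analyst-review", "no rule matched; enrichment attached"

def run_playbook(alerts):
    """Enrich every alert and return {alert_id: (action, reason)}."""
    return {a.alert_id: decide(enrich(a)) for a in alerts}

ALERTS = [  # constructed sample input
    Alert("A1", "kiosk-04", "198.51.100.2", "port-scan"),
    Alert("A2", "db-01", "203.0.113.7", "brute-force"),
    Alert("A3", "db-01", "192.0.2.9", "unusual-login"),
]

if __name__ == "__main__":
    for aid, (action, why) in run_playbook(ALERTS).items():
        print(aid, action, why)
```

The point is the split: the machine never decides on an alert it has no rule for, and the human never has to collect the context by hand.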
So, what does this mean for security as a whole? Here are four initial benefits:
- Defenders can get ahead and aren't constantly working from behind.
- The industry is stronger, more connected and more effective.
- The security function is streamlined and more productive.
- The way is paved for unity among IT teams.
In many organizations, it seems unachievable to add automation to security operations, but it doesn't have to be. Emerging technologies can streamline the automation process and give teams control and flexibility. By solving problems together, in a streamlined fashion with automation and orchestration bridging teams and tools, organizations position themselves to better scale against threats.