5 SecOps Processes to Try Today
DevOps has enabled businesses to bring products to market faster than ever before. But what about security?
In our recent survey, Refocusing Security Operations in the Cloud Era, 36% of businesses said their top IT goal over the next year is to respond to business needs faster. Conversely, only 10.5% prioritized improving security as their top goal.
There is a misconception that businesses can’t move both quickly and securely. But with SecOps best practices, businesses can move away from the ad hoc, reactive tactics that slow things down, and replace them with repeatable processes that effectively support teams and products. Let’s explore.
1. System Access & Users
Does this describe your company?
- No centralized systems for identity and authentication management
- Misconception that security slows Operations down
Remember the principle of least privilege, which requires that every user be able to access only the information and resources that are necessary for their legitimate use.
You’ll also need to establish a centralized authentication management system using LDAP, or a similar database, to store passwords and identification protocols. In addition, identity and access management software can standardize and automate the process across the company. Single Sign On (SSO) can be a quick solution to put in place for internal- and external-facing application authentication and access control. SAML 2.0 SSO SaaS providers can allow you to get going quickly with minimal coding needed.
| Try This: The System Access process should be collaborative. Regularly review the lines you draw around access. Decide whether they need to change over time. |
2. Patching & Vulnerability Management
Does this describe your company?
- Shortage of security resources
- Point-in-time compliance (versus continuous compliance)
Patching may appear simple, but don’t be fooled. The 2017 Verizon Data Breach Investigations Report reveals that most companies aren’t patching regularly enough, giving attackers plenty of opportunities to exploit vulnerabilities.
| Try This: Instead of waiting until a security incident happens, schedule the time to patch in order to maintain continuous compliance. Work with Operations to standardize and automate the process. This will enable your organization to catch vulnerabilities before hackers do. |
3. Infrastructure Control Plane (AWS Console/API)
Does this describe your company?
- No visibility into infrastructure controls within AWS (or other cloud infrastructure provider consoles)
- Infrastructure and roadmap decisions not aligned with Security
In the public cloud, APIs and management consoles are the functional equivalent of data centers — but securing only your own data center in the public cloud would leave your APIs exposed. This is why you have to evolve your security approach as you move to the cloud.
| Try This: Learn about the new attack surfaces on your public cloud management console and APIs. Provide temporary credentials, which can be useful when developers only need access for a limited time, and train developers to remove credentials from code. |
4. Runtimes & Services
Does this describe your company?
- You lack visibility into how software is deployed
- Teams prioritize time-to-market over security
Is your software all deployed the same way or not? Is there a basic, standard configuration management system for all services?
If you don’t know, an improper deployment could cause security or compliance problems down the road.
| Try This: Standardize your runtime, software management, and operations practices across Security and Operations teams. Both teams benefit from strong policies in these areas, so achieving alignment should be pretty straightforward. Create runbooks to put processes in place and ensure that both teams are on the same page. |
5. Networking
Does this describe your company?
- Security isn’t operationalized into network configuration processes
- There’s a lack of alignment and policies on how networks are set up
Environments are more complicated than ever. Traditional network security controls are no longer adequate. Many Security and Operations teams restrict access between systems with network topologies. Instead, they need to group servers by roles and use automation.
| Try This: To ensure that your processes stand the test of time, document how a network is set up. Better yet, automate as much of the set-up as you can. This way, security is embedded whenever you adopt new infrastructure. |
Shifting to SecOps Processes . . .
SecOps is built on strong communication between teams. Strong collaboration helps companies avoid a situation where security becomes siloed and puts the company at greater risk.
For Operations, SecOps improves the stability of operational infrastructure rollouts, reduces unnecessary downtime, and frees them up to focus on strategy. SecOps empowers security teams to work more efficiently. It helps them see incidents faster and reduces mean time to know and investigation time. SecOps helps security teams repair issues quicker, allowing developers to build and ship software sooner — overcoming the common fear that security interferes with the speed of innovation.
Want more information on the people and process improvements your organization needs in order to drive the progression from ad hoc, reactive security tactics to proactive, strategic security practices? Download our latest guide: The SecOps Playbook for Cloud Infrastructure, Part II: Practitioner’s Guide for Security & Operations Teams.
*** This is a Security Bloggers Network syndicated blog from Blog – Threat Stack authored by Mark Moore. Read the original post at: https://www.threatstack.com/blog/5-secops-processes-to-try-today
