To Reduce Cyber Risk, Strive for SecOps

SecOps teams must come together from day one to maintain performance and security within their organizations

Last year, the average business lost $13 million to cybercrime, which is 12% more than in 2017 and 72% more than in 2014. When Tanium recently asked IT decision-makers how they planned to reduce that risk in 2020, they reported making multimillion-dollar investments across operations and security. Over the last two years, they increased operations budgets by 11% and allocated 18% more funding to security teams.

However, despite massive budget increases, both operations and security teams continue to struggle. Only half of the teams Tanium surveyed said they had full visibility into their environments’ vulnerabilities and risks (51%), and less than half said they had full visibility into all of the hardware and software connected to their networks.

Businesses are investing more in tools than ever before, but the issue isn’t more investment—it’s the right investment. “More tools” aren’t bringing siloed IT teams closer together and aren’t achieving the kind of total visibility and control of all endpoints needed for effective risk mitigation. Below are some ways to reconsider the crucial collaboration between IT operations and security teams, also known as SecOps.

Find Areas to Align

While just 27% of the enterprises we consulted on these issues would describe their IT teams as “embedded,” as many as 67% said that coordination among teams is extremely challenging. Aligning the security and operations teams is one way to overcome this challenge. Different teams using different tools and receiving different data sets have little room for compromise; however, teams united by a common toolset are not only more likely to collaborate but also better resourced to mitigate risk and protect valuable data. As teams do away with point tools and invest in coordinated, platform-based solutions, their ability to easily verify the quality of their data, trust their vulnerability scans and remediate threats at scale will improve significantly.

Prioritize Visibility Across the Environment

While most IT decision-makers (80%) believed they could instantly act on the results of their own vulnerability scans, fewer than half (49%) thought they had full visibility into all the hardware and software assets. But without full visibility, the vulnerability scans are merely “good enough” and unable to account for areas managed by other teams. That false confidence is even worse in IT departments that have a rift between security and operations.

If businesses fail to gain a view of the entire environment, it could take them two weeks longer to patch IT vulnerabilities (37 business days versus 27.8 business days for teams with a healthy relationship). By implementing an end-to-end view of the entire environment, both teams will gain the visibility into computing devices that they need to protect organizational data.

Reduce Complexity Between Teams

More tools lead to a more complex environment. Tanium’s research showed that IT operations and security purchased an average of five new tools each within the last two years, and large organizations reported using as many as 40 to 50 point solutions. It’s no wonder why this happens: As new problems emerge, each team seeks a new solution based on that individual problem, ultimately creating an environment too difficult to manage. To keep an organization nimble and responsive, ops and security must work together — SecOps — to select solutions that are capable of solving the range of problems that both teams face and agree on what data is most important.

Create a Culture of Improved IT Hygiene

As many as 80% of the organizations we spoke to said that maintaining IT hygiene was the most challenging task for IT operations and security teams. Once the entire department begins to prioritize the fundamentals, response times will improve and prevention and detection methods will sharpen.

Conclusion

Businesses that do not take these steps are vulnerable to disruption. It is essential that IT operations and security teams unite around a common set of actionable data and are empowered to ask questions about the state of every endpoint across the enterprise, retrieve data on their current and historical state and execute change as necessary. These SecOps teams must come together from day one to maintain performance and security within their organizations—or continue to face the threat of cyberattacks, outages and other business-crippling disruptions.

Chris Hallenbeck

Chris Hallenbeck is a security professional with years of experience as a technical lead and cybersecurity expert. In his current role as CISO for the Americas at Tanium, he focuses largely on helping Tanium’s customers ensure that the technology powering their business can adapt to disruption. Before joining Tanium in 2016, Hallenbeck worked for six years on the U.S. Department of Homeland Security’s Computer Emergency Readiness Team, where he gained a strong background in computer-related investigative work.
