For security and DevOps teams, staying a step ahead of the competition comes down to staying in lockstep.
Whether that competition takes the form of a threat actor lurking on a network or a rival company taking new products to market, collaboration can help security and DevOps teams better protect their organizations and develop innovative technology solutions.
For instance, imagine if a security team investigating the recent Log4Shell vulnerability had access to observability data. Security analysts could better understand the likelihood of Log4j2 being exploited in their application through application performance monitoring (APM) and correlated logs and traces made available by an observability solution. In the other direction, developers can shift left to integrate security early in the development process, avoiding slowdowns and increased risk from considering security compliance after the fact.
The benefits are there, but converging across silos is easier said than done. How do you get your leaders and their teams on board for closer collaboration? Here are some tips for leaning into the future of DevSecOps.
People: Practice incident response with your IT and security teams
It’s a common saying among security professionals that “cybersecurity is a team sport.” Cross-team and inter-organization collaboration can make or break a response to a breach. This kind of thinking wasn’t always the case. In the past, monitoring and mitigating security threats throughout an organization may have been seen as the province of an organization’s security team. As data breaches escalate in intensity and cost, threat prevention and response require all hands on deck, from incident responders containing threats to communications teams mitigating reputational damage after a breach to IT teams integrating security into technology development and deployment.
Sports and cybersecurity share common ground with another saying: practice makes perfect. The approach can range from employees completing security awareness training to response teams running tabletop exercises. We recommend this tip for cyber defense: “Having a mitigation plan in place that is rehearsed regularly with your IT and security teams and your executive leadership will make it easier to deliver a swift and intentional response to a data breach disclosure.” Intentionally drilling incident response plans with your security _and_ IT teams helps everyone be prepared.
Process: Streamline processes with a single platform
451 Research points out an overlap of objectives that makes closer alignment between observability and security processes mutually beneficial: “The ability to triage and identify security issues is part of observability, and the ability to act upon and isolate problem infrastructure should be integrated into modern business technology systems.”
Despite common goals, observability and security data may reside in separate systems. What if the data representing the intersection of security and observability were available to both teams? The power of an integrated approach is that it could weave observability and security teams and processes closer together. It could also provide another layer of data insights, with observability data adding context to logs to show actions, behaviors, and threat actor exploitation techniques.
An integrated platform approach provides opportunities to streamline and scale processes such as investigative work, threat hunting, and threat profiling. It also follows the vendor consolidation trend that Gartner predicts for 2022, with organizations working to combat the inefficiencies of tool complexity.
Technology: Leverage holistic security and observability solutions for monitoring
Another common saying is: People make mistakes. Holistic monitoring tools can help catch potential security exposures in development work before it’s too late. Continuous monitoring is a DevSecOps ideal with security, auditing, compliance, and performance applications.
Use an external scanning system that continuously monitors exposed databases. These tools notify security teams immediately when a developer mistakenly leaves sensitive data unlocked. There are holistic security and observability solutions that can scan both internally and externally.
Where to start?
While these three examples touch on people, processes, and technology, not all are created equal. To start building collaboration across security and DevOps teams — and gaining the benefits from DevSecOps practices — focus on people first.
The right technology or streamlined processes won’t make as much of an impact on DevSecOps collaboration if roles aren’t filled with skilled talent. We suggest building teams with individuals who can “creatively apply technology to your environment, adapt defenses to new threats and communicate to your users with a high degree of empathy.” In addition, leadership needs to be on board for change to happen. Executives such as the CIO and CISO have an opportunity to set the tone at the top.
Once the right teams and clear leadership objectives are in place, it’s time to ensure a common understanding of technology and processes. As 451 Research states: “To achieve secure development at the speed of modern IT, cooperating teams must be literate in the tools and tactics essential to maintaining the pace required.” While effecting change is easier said than done, starting to explore where security and observability converge into DevSecOps practices can help businesses serve and safeguard their customers.