Automate, integrate, collaborate: Devops lessons for security
- 22 August, 2016 20:00
Enterprise security pros are often seen as heavy-handed gatekeepers obsessed with reducing risk. They'd rather be viewed as enablers who help the organization complete tasks and gain access to needed data.
To make that transformation, security teams must become faster, more efficient, and more adaptable to change. That sounds a lot like devops.
Indeed, security can derive inspiration from devops, says Haiyan Song, VP of security markets at Splunk. Devops encourages automation and better integration among tools, two trends security professionals are increasingly exploring to make security more transparent throughout the enterprise.
"Make security part of the fabric so that people don't have to think about it," says Song.
As more companies embrace devops principles to help developers and operations teams work together to improve software development and maintenance, those organizations also increasingly seek to embed security into their processes. Continuous automated testing improves application security. Increased visibility in operations improves network security.
"[Working] faster means taking care of security vulnerabilities better," Song says. This isn't just about catching the bugs during development, but also being able to respond and fix when something has gone wrong.
When data collection and analysis are automated, developers, security teams, and operations can work together. The benefits go beyond application security. Song describes an organization that saw sales drop dramatically after pushing out a feature update to its ecommerce application. Was the problem with the update or the application itself? It turned out that the SSL certificate had expired. With all the players in one place, it was easier to identify and fix the problem. There is a "fusion of different operations and teams working together," she says.
Devops makes it easier for everyone involved to be transparent about what's happening, why it's happening, and what will happen next. That visibility is important for security teams, too, since security people don't necessarily control network operations or the various systems. Automate data collection and data analysis across all domains so that "situationally aware" actually encompasses all processes. Bring security teams to the same table as the database and network administrators, business stakeholders, operations, and developers so that everyone works together.
Security doesn't operate in a silo, Song says. Removing barriers between teams gives security operations information about what is happening faster. Faster alerts mean security operations are looking at the problem earlier in the cycle, and better information on hand helps the team figure out a solution.