Far too often the inability to proactively defend organisations against security vulnerabilities is attributed to the lack of integration and coordination between security and operations. By leveraging IT automation capabilities, leadership can facilitate integration and coordination between the SecOps teams for a proactive approach to securing networks and servers, a critical concern as enterprises look to fast-track digital business. In the simplest terms: an enterprise IT team cannot manage what it doesn't know about. Visibility and simplicity are key to switching from the current reactive mindset to a proactive security approach.
A good example of a 'proactive' approach is the Singapore government, which has a nationwide Cybersecurity Masterplan in place and has set up a special Cybersecurity Agency just to look after cybersecurity matters. Businesses should adopt a similar approach. According to a PwC survey in Singapore, weak cybersecurity standards compromise employee records and lead to theft of "soft" and "hard" intellectual property, which then leads to low investor confidence.
Lastly, having a strong SecOps programme allows organisations to go back to focusing on what matters to their business. SecOps helps to support rigorous and vigilant controls while tools absorb some of the complexity so businesses can get back to the fundamentals. It also helps address risks based on policy and impact to ensure the most critical issues are fixed first, uptime is protected, and stability is maintained on all ends.
There is a need to identify unknown assets and dependencies across the entire enterprise ecosystem, while incorporating automation to rapidly prioritise and execute remediation. An impressive example comes from Transamerica. Its closed-loop compliance process has slashed resolution times for compliance issues from weeks to minutes. The compliance process has also reduced the auditing preparation effort from six people working for a week, to one person spending just a few hours. This is the type of efficiency and effectiveness that businesses should work towards.
Through thorough research and workshops, we understand that there are many compliance requirements to meet. Fundamentally, businesses want to automatically remediate known vulnerabilities, quickly understand the risk and priority each holds, and know how to integrate and implement solutions. The time for action is now to close the SecOps Gap.