Security teams should look for a flexible system that allows them to define the desired compliance or security state by rule. A library of pre-defined policies such as PCI-DSS, HIPAA, DISA STIG, and SOX, including both audit and remediation capabilities, can be used as templates or customised and extended to meet individual requirements. With greater confidence in the accuracy of audit results, the operations team can take corrective action more decisively.
SecOps teams need complete visibility into the state of the environment at any time, rather than just a configuration snapshot taken prior to the audit. The team will want to look into ongoing audits, which can provide real-time data feeds and help verify compliance. Compatibility with other tools, and even with manual configuration management, is a must for seamless adoption and for enabling SecOps to spot issues on the fly.
The best solution to close the SecOps gap would be to provide both teams with a common context point that unifies audit and remediation. In terms of remediation, the operations team would appreciate a system that offers the option to make targeted, specific changes only to the parts of a file affected by a compliance violation, rather than replacing the entire file. Remediation should not be treated as a final measure, and any system that is deployed needs to remain fully transparent, reporting a state of 'compliant with exceptions' rather than simply compliant or non-compliant. To keep the process secure, role-based access control and delegation, ensuring that only approved users are able to execute changes, should be included. Of course, an option for the operations team to return to a known good state if necessary would be reassuring.
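An added example (not from the article, and not any vendor's product code) of the audit-and-remediate loop described above: rules define the desired state, remediation rewrites only the violating lines of a constructed sshd_config-style file, exempted rules produce a 'compliant with exceptions' result, and the original text is handed back for rollback. The file contents and rule ids are constructed placeholders.

```python
# Added example (not the article's or any product's code): rule-driven audit/remediation of a config file.
import re

# Constructed sample in sshd_config style (not taken from a real host).
SAMPLE_CONFIG = """# constructed sample
Port 22
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding no
"""

# Desired state, rule by rule; the ids are hypothetical placeholders.
RULES = [
    {"id": "RULE-1", "key": "PermitRootLogin", "expected": "no"},
    {"id": "RULE-2", "key": "PasswordAuthentication", "expected": "no"},
    {"id": "RULE-3", "key": "X11Forwarding", "expected": "no"},
]

def audit(config_text, rules):
    """Return (rule_id, key, actual) for every rule the file does not meet."""
    values = {}
    for line in config_text.splitlines():
        m = re.match(r"^\s*(\w+)\s+(\S+)", line)  # comments and blanks do not match
        if m:
            values[m.group(1)] = m.group(2)
    return [(r["id"], r["key"], values.get(r["key"]))
            for r in rules if values.get(r["key"]) != r["expected"]]

def remediate(config_text, rules, exceptions=frozenset()):
    """Rewrite only the values on violating lines; everything else stays
    byte-for-byte intact. Rules in `exceptions` are reported, not changed.
    Returns (new_text, status, rollback_text) so the caller can restore."""
    by_key = {r["key"]: r for r in rules}
    fixable = {key for rid, key, _ in audit(config_text, rules)
               if rid not in exceptions}
    out = []
    for line in config_text.splitlines(keepends=True):
        m = re.match(r"^(\s*)(\w+)(\s+)(\S+)(.*)$", line, re.S)
        if m and m.group(2) in fixable:
            # Targeted change: swap the value, keep indentation and trailing text.
            line = m.group(1) + m.group(2) + m.group(3) + by_key[m.group(2)]["expected"] + m.group(5)
        out.append(line)
    new_text = "".join(out)
    # A key absent from the file is not silently appended: it remains a finding.
    remaining = audit(new_text, rules)
    status = ("compliant" if not remaining else
              "compliant with exceptions"
              if all(rid in exceptions for rid, _, _ in remaining) else
              "non-compliant")
    return new_text, status, config_text
```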