Lethal Weapon 5: SecOps
This blog discusses SecOps, what it represents and its benefits.
Mohammed wants to build a novel application for the organization that he works for, and he needs to ensure that the application meets the required timelines and performance metrics. Afua works in the Cybersecurity section of the organization is not enthused about Michael approach to things because the last application had some vulnerabilities which led to her doing a lot of cleanups. Wajiha needs to perform a network migration for some new systems, and she is also under strict timelines, but Oyonika requires that this migration needs to be run by her to ensure that there are no unforeseen vulnerabilities within the network. What should they do?
One possible answer is SecOps. SecOps (Security + Operations) is a methodology created to ease collaboration between IT (Information Technology) Security and IT Operations to effectively mitigate risk by integrating existing/modern technology and processes. With SecOps the approach, where the development team and operations team work independently, is veered away from.
The implementation of SecOps is dependent on the size and structure of an organization. It can be large enough to be implemented across an entire business or implemented in specific IT projects. The main concept is that security is introduced at the earliest and in every stage of planning and development. This is done through integration of tools, practices, and goals, with effective tooling and automation at the heart of the process.
For example, Mohammed would write lines of code and test its functionalities while Afua tests the code for vulnerabilities. Any vulnerabilities found can be communicated with Mohammed who can rectify them while ensuring that the functionalities are intact. Wajiha can make a step-wise migrations while Oyonika tests network to see if attacks are possible and ensuring policies are enforced. Wajiha can use feedback obtained from Oyonika to streamline the migrations.
What this means is that Mohammed, Wajiha, Afua and Oyonika can use these methodologies to streamline priorities and ensure security at the same time. This means for them; the following are achieved:
- Known vulnerabilities are tackled
- Less bugs and configuration errors are made.
- Efficient security playbooks are created
- Fewer security breaches, vulnerabilities and distractions are tackled.
- Security and operation compliance are ensured.
SecOps ensures that security does not play catch-up.
References
- Credit: Photo by Christina @ wocintechchat.com on Unsplash
- What Is SecOps? Everything You Need to Know: https://www.techtarget.com/searchsecurity/definition/SecOps [Online, accessed 10-Dec-2021]
- What is SecOps | VMware Glossary, https://www.vmware.com/topics/glossary/content/secops [Online, accessed 29-Nov-2021]
- What is SecOps (Security Operations)? | Sumo Logic, https://www.sumologic.com/glossary/secops/ [Online, accessed 10-Dec-2021]