The convergence of security and IT operations
By Bassam HemdanFeatures Data Security convergence cybersecurity editors pick
The worlds of security and IT are becoming entwined as security initiatives become a top priority for all lines of business.
Whether they like it or not, security and IT operations are increasingly finding they must collaborate in the development and implementation of their organizations’ data security and protection strategies. Specifically, they need to work hand-in-hand to determine where their organization’s critical data assets are located, and then jointly implement a strategy that can prevent cyberattacks from reaching these assets, identify attacks when they breach their defences, and remediate any damage caused by an attack. Integrations between IT management and security platforms such as Security Orchestration, Automation and Remediation (SOAR) are also helping with this.
One example of the intersection of security and IT is backup and recovery, traditionally the purview of IT ops. This area has become a key part of an organization’s security posture and the “last-line-of-defence” against ransomware and other cyberattacks. Data protection solutions not only enable IT teams to quickly and comprehensively recover their critical data, but they also significantly minimize the disruption caused by a ransomware breach or malicious attack — a primary challenge security teams are focused on solving.
Mitigating ransomware and other cyberattacks is crucial. The Canadian Centre for Cyber Security reports that Canada is one of the top countries affected by ransomware. In the first half of 2021, more than half of Canadian ransomware victims belonged to a critical infrastructure sector, such as health, manufacturing or energy. Such attacks can disrupt services and organizations we rely on.
The challenge of bringing IT and security together
Security and IT traditionally having different charters. Implementing a successful data security strategy requires both teams to define clear roles and responsibilities, break down organizational silos, and ensure design collaboration between data owners, IT and security.
This can be a challenge in hybrid cloud and shadow IT environments in particular. The absence of documented playbooks and runbooks significantly inhibits an organization’s ability to mitigate and respond to attacks.
After security and IT ops develop and implement a data security and protection strategy, they need to test it. One way is by simulating different types of attacks, and then having both teams practice how they would respond — a technique often known as “data recovery drills.”
Such drills ensure that security and IT ops understand what their responsibilities are when a real-life cyberattack happens. They also make sure both teams have the necessary playbooks, runbooks, processes, and personnel in place for mitigating attacks.
Working with cloud service providers
Another challenge security and IT ops teams encounter is working with SaaS and cloud service providers.
Under the shared responsibility model, cloud service providers are usually responsible for securing and protecting their services’ infrastructure and applications — but not the data that these services store and use. Security and IT ops teams need to ensure they account for this by documenting how they are securing and protecting the data used by their cloud services.
Common traits of organizations doing it right
If maintaining an organization’s data integrity is not a priority for the leadership team, it can be difficult to motivate the security and IT ops teams to collaborate. Such collaboration is hard work and often means shedding old habits. When it works, it’s almost always the case that executive leadership has been advocating for it.
Another common blueprint for success is an organization optimizing its data and implementing robust data management capabilities. Organizations that do this usually have the strongest data security and protection strategies.
On a related note, successful organizations also manage their data sprawl. They have a good understanding of their critical data assets, which in turn helps them develop the required policies to safeguard that data.
This is not an area where spending more necessarily gets you more. In fact, organizations that try to throw money at an issue often end up with redundant security and data protection solutions, each of which requires different skills and processes. Successful organizations are not reactionary; they keep this in mind as they plan and implement, and are often tactful and careful when purchasing solutions.
Another characteristic of success is making sure collaboration happens in the early planning stages of IT deployments. Security and IT teams should develop policies from the inception of projects, in the context of the organization’s overall security posture, rather than as an afterthought.
Looking to the future: More influence for CISOs and security teams
CISOs and security teams are increasingly becoming key influencers in traditional IT managed solutions, and helping drive the convergence of their respective work. Teams are working together to create automated runbooks to manage IT while monitoring and responding to security incidents.
For example, artificial intelligence is being used to detect data anomalies on backups that might indicate a cyberattack. By identifying these attacks early on, the “blast area” can be minimized and contained. In the future, these solutions might add early detection signals and warnings that help security analysts identify potential attacks in play.
The convergence of security and IT is being accelerated by the rapid proliferation of cloud technologies and the associated data sprawl. Organizations are being forced to rethink their data policies and strategy.
As Canadian organizations are grappling with complex hybrid cloud environments and the data protection and security challenges they present, security and IT teams are coming together to formulate their data strategies. These teams must collaborate closely to protect their most valuable asset — data.
Bassam Hemdan is Regional Vice President, Americas, Metallic at Commvault.
Print this page
- Nurses being punched, grabbed, kicked will benefit from anti-violence program: union
- Former Ottawa police boss defends intelligence reading of ‘Freedom Convoy’