If Operations and Security don’t act as one, basic Cyber Hygiene fails

Bob Deleeck
22 December 2021

Tanium Cyber Hygiene

In most businesses, the level of interaction and cooperation between IT operations and security teams has traditionally been limited or, at best, ad hoc. Both have worked diligently to fulfill their respective mandates, often really only pulling together meaningfully on specific projects or in the event of major security incidents like the recent Log4J bug discovery. And then immediately you see the impact on day-to-day operations.


With an entire economy of people now working remotely, the corporate attack surface has increased exponentially, and the traditional corporate perimeter has become blurred and porous.

That’s because now, people are logging onto devices from home and using home networks rather than the corporate LAN. To perform their jobs effectively, they also now need to access more cloud-based applications, so these applications and the data they store and transmit no longer reside within the safe boundaries of the company’s data center. More concerningly perhaps, many people are using personally owned devices to do some or part of their work, rather than ones issued and managed by the organization. Unknown assets give malicious actors an easy path to compromise their targets.

What is Cyber Hygiene exactly?

Cyber hygiene is the practice of preventing or mitigating data breaches by ensuring that all critical systems are secure. It includes practices such as inventorying endpoints connected to a network, vulnerability management, and patching software applications with updates from manufacturers.

Cyber Hygiene isn't just about your personal computer; it’s also something you should be doing for every device on which sensitive information exists, including smartphones (and other mobile devices).

But you can’t protect what you can’t see.

If you’re operating a distributed organization, now’s the time to rethink how your IT operations and security teams interoperate. If you fail to do so, you could risk opening your business up to unwelcome infrastructure security threats and potentially devastating interruptions to application continuity.

Security teams will only be able to plug security gaps and threats if they have sight of every single asset in their organization and a real-time understanding of every vulnerability these assets carry.

Once they’ve gained this insight, they need to immediately coordinate with their colleagues in IT operations to put in place the required controls to eliminate those vulnerabilities. And all this needs to happen fast.

Patch management is one area where this currently isn’t happening as effectively as it should. In fact, today, far too many breaches occur because the security and operations teams fail to coordinate around the basic task of finding and fixing known vulnerabilities and applying readily available patches. Of course, trying to manually identify where vulnerabilities exist and when the latest patches are being issued isn’t an ideal approach – but today, there are technical controls that can do the hard work in the background for you. And these tools also make it possible for patching to take place as and when it’s needed without negatively impacting application performance and user experience. This avoids the requirement to schedule patching activities after hours.

Other common examples of basic cyber hygiene practices “falling between the cracks” are routine operating system upgrades and server maintenance.

Basic steps on how to get operations and security teams working together

If any of the above scenarios and pain points sound familiar and you believe that it’s time for your operations and security teams to put on a more united front, here are some steps to successfully enable these functions to work better together:

1. Give Operations and Security Teams Shared Asset Visibility and Control

You can’t protect what you can’t see. This is now more important than ever, given that remote and work-from-home arrangements have introduced a new element of “shadow IT” in the form of user-owned devices accessing the network and storing company data. Both the operations and security teams need to have the same view of the assets on their network and access to the same set of controls.

Without this degree of shared insight, these teams won’t have a common view of the vulnerabilities and gaps that exist, nor will they be in a position to work together to close them swiftly.

2. Eliminate the competition between Operations and Security.

While security and operations teams work in the same IT department, if they have different and/or conflicting mandates, an element of competition will inevitably arise from time to time. One of the most common sources of conflict is one party making changes or upgrades to the shared IT environment without input from the other and/or without communicating these activities in a timely manner. Any delays in plugging security gaps open the door to data loss or compromise. One example would be operations teams bringing a new system online during the pandemic to support remote work but failing to consult their security colleagues to ensure such a move didn’t introduce any risks, vulnerabilities, or compliance issues.

Another way to achieve greater levels of cooperation between these two functions is to incentivize greater teamwork by making it a key performance indicator (KPI) on which individuals and departments as a whole are measured and rewarded.

3. Ensure Shared Toolsets

Traditionally, many security and operations teams have made use of completely separate sets of tools to perform their roles. There are several downsides to this practice. Firstly, it’s not cost-efficient. Secondly, different tools produce different data sets around assets in the environment, vulnerabilities on those assets, and the potential risk they’re creating. If both teams don’t have a shared and common view of these issues, at the exact same time, the way each interprets them will inevitably vary. This can lead to conflict and delays in actioning the all-important task of remediation. When everyone uses the same tools to perform controls, such as applying patches and making updates and configurations, it will also be easier for all parties to observe the outcomes and feel comfortable that new controls were applied to acceptable standards.

With a bit of thought and effort, it’s indeed possible to bring your security and operations teams together with the common goal of protecting your organization from security risks.

Want to know more about how our 4-step process to patch management can contribute to proper cyber hygiene?

Download the whitepaper “How to avoid being the next victim of ransomware with proper cyber hygiene”.


Bob Deleeck is a co-founder at Agisko and has over 15 years of experience in the field of virtualization, business, and application continuity.
