Security operations (SecOps) can be an exhausting, and often thankless job. Exploding cloud footprints and the work from home reality has significantly increased the SecOps workload. A recent survey of security experts found that 86% of respondents are concerned about burnout and high levels of stress among security teams, due to the daily volume of alerts. Among the technologies that have the potential to ease this burden: automation.
While some security teams have implemented a small degree of automation, the priority is almost always a short-term fix — how can we eliminate a security threat or breach as quickly as possible? As a result, there’s no learning loop or process in place to teach machines post-mortem so they can do most of the hard work next time.
In order to optimize SecOps and integrate it as a strategic function of the business, security teams need to shift their mindset to fully embrace automation. Especially analytical automation for contextualization and enrichment of their processes. Doing this will require breaking down a few persistent barriers that stand in the way.
Barrier #1: SecOps teams are constantly racing against the clock to put out fires.
The first and fiercest opponent SecOps teams regularly have to battle with is time. Part of this race is due to the constantly evolving threat landscape, but much of it has to do with the ever-shifting tech landscape – business dependency on cloud and a distributed workforce. Bad actors are adding this evolving terrain to their repertoire. But many security teams are still working on legacy footprints using legacy techniques because they have not had the time to keep up with the tech changes.
The SecOps teams’ function has traditionally been very reactionary – they spend most of their time playing whack-a-mole with short-term, time consuming fixes to threats. Much of their time also goes to stitching processes together manually. When all of a security team’s energy is used keeping up with alerts, there is no time left in the day to establish practices or learn technologies that will put them on firm footing to get a few steps ahead of impending threats.
Yesterday’s tools were not designed to manage large-scale organizations, environmental elasticity or a perimeter-less world. And many security tools don’t leverage the practitioner’s knowledge, context and intuition. Current processes are not well integrated – SecOps practitioners often end up manually integrating knowledge on spreadsheets or on paper. Embracing analytical automation and collaboration technologies will be key to cutting down on time-sinks.
Barrier #2: SecOps teams are left out of digital transformation decisions.
As businesses continue to undergo digital transformation, they are constantly evolving the way they operate and the technologies they use. For most businesses, particularly in light of the pandemic, cloud options are the first choice in terms of cost, complexity, management and time to market. But SecOps teams are generally not familiar with, or haven’t had time to get familiar with, the cloud environment or tools that can help their function in the business run more efficiently. This keeps them from being seen as the business enabler that a security team can and should be.
To contribute to business goals, the ideal security team will want to re-orient resources to think strategically about what security applications or processes need to be implemented. To do this, the security teams will have to invest time and humility to learn contemporary cloud technologies that IT and DevOps teams are using. SecOps should be a key player in helping identify new opportunities the business can move into safely, acting as a scout into uncharted territory rather than the bouncer that shows up once trouble has already hit. Automation can free up security teams to serve this more strategic function.
Barrier #3: Technology isn’t built to mirror how humans work.
In the security world, technologies are complicated and are not built to operate the way that humans are used to working. This leaves security professionals having to spend time they don’t have due to bandwidth constraints to learn the tech, or worse, bend processes to make up for tool constraints. In addition to dealing with the tools they already had in their environment, they are expected to learn new tools from this shift to the cloud.
Part of this disconnect is that humans are expected to conform to the way the technology works. We need tech shaped differently – modeled more after how real humans work. Just as humans go through a process of collaboration, iteration and delegation, SecOps needs a common worksurface for collaborating, a content management system for iterating, and an automation function for delegating to machines. Modeling technology after the human work process will make new tech like automation much easier and more intuitive to adopt.
Overcoming automation barriers requires a new security mindset.
With security threats growing more sophisticated and proliferation of tech footprints, it’s more critical than ever for organizations to embrace a new security mindset and integrate analytical automation and collaboration into SecOps. There are some tech and institutional challenges to achieve this nirvana. But the greatest hurdle is changing the mindsets of the human security professionals.
Once SecOps teams overcome these barriers to adopt a growth and learning mindset, they will realize that “the way things have always been” is no longer the best for business. This conclusion yields an openness to learning new tools, techniques and processes. To make this automation learning curve less steep, teams should start with one process that is simple and make it work well, and then build additional simple systems and focus on making these systems work together well. Ultimately this mindset will open the door to achieving results in new and different ways.
As this growth mindset takes hold of the SecOps team, it can spread like wildfire to have a cultural impact on the whole organization as well. Openness to learning and collaboration will become commonplace across and between business units, breaking down the walls traditionally keeping SecOps from working seamlessly with other departments. At the end of the day, this culture will be the catalyst for SecOps teams finally realizing their potential as key players in the success of their businesses.