10 Surprising Findings about Operationalizing Security

The news headlines and social media comments about IT security vulnerabilities remain consistent – and they may cause you to take a closer look at what can be done to protect your organization. It seems like "another day, another data breach, another cyber attack, and another failed security audit."

Fortunately, there are steps you can take to thwart the threats from hackers and keep your organization more secure. How well prepared are organizations to deal with these issues? What’s the best approach for moving from a reactive strategy to a well-coordinated, offensive plan of attack — one that’s based on automation and greater collaboration between IT Security and Operations (SecOps)? A new voke Research Market Snapshot Report addresses these issues and much more.

The report is based on a survey of 318 participants from a wide range of organizations around the world (about 80% of them have 1,000 or more employees) that analyzed challenges related to operationalizing security. When security is “operationalized” effectively, it means that organizations implement secure operations and automation practices. The survey focused on each organization’s approach to IT patching and compliance, automation, and whether these practices were effective enough to establish high levels of security. Here are some key themes and 10 surprising statistics that were uncovered from the survey:

Don’t be reactive – go on the offensive

Most respondents took a defensive approach to security when they really should have been moving to a well-coordinated plan of attack. Working in silos is ineffective. Ensuring security is everyone’s responsibility – architects, developers, QA, IT Operations, IT Security, and the line of business. The consequences of a defensive approach can be disruptive and costly.

  1. 83% of organizations had numerous security-related challenges and most participants reported multiple challenges.
  2. Only 32% of organizations report a proactive and collaborative relationship between security and operations.

Close the gap

If you don’t close the gap between operations and security you could expose your business to potential risks. Failure to implement patches to known vulnerabilities, for example, can lead to security breaches and failed audits. Organizations that focused on closing the gap with automation and best practices experienced improved audit-readiness, increased remediation productivity, improved patch management, and reduced security breaches from pending patches. Automation should help security and operations teams collaborate more effectively by providing context and actionable information. That way operations more readily knows what to do with information from security and the security teams have a better understanding about how their recommendations impact operations.

Patch vulnerabilities quickly to pass security audits

The stakes are higher than you may think for failing a security audit.

  1. 27% of survey participants reported a security audit failure in the prior 18 months because proper measures weren’t in place, breaches happened, and other factors.
  2. 81% said that the audit failure could have been avoided with a patch or configuration change.
  3. 26% said a failed audit can cost millions!

Prevent costly breaches

Significant breaches can put an organization at risk for fines, theft of intellectual property, brand image damage, and other problems. Yet, most breaches can be prevented.

  1. 79% of participants indicated the security breach could have been avoided with a patch or configuration change.
  2. The average risk of fines reported by participants is $1 million (USD)
  3. The average risk of security breaches is $40.5 million (USD).

Reduce risk and increase productivity

Be better prepared by developing a plan that addresses these security challenges, along with best practices and the automation to make it successful. Identify any gaps in how security and operations teams work together.

  1. Did you know that 30% of respondents said they were challenged by a lack of automation, even though technology is available?
  2. On a positive note, organizations that used new solutions to perform remediations improved staff productivity with 64% reporting a 4x to 40x productivity improvement!

How does your organization compare in terms of overall IT security with the companies that were surveyed? Chances are you may face many of the same challenges they did. What best practices should you follow to protect your enterprise? How can automation help? Read the Secure Operations Report by voke Research and find out.