How to build collaboration across security and DevOps teams – and why it’s business critical


For security and DevOps teams, staying a step ahead of the competition comes down to staying in lockstep with each other.

Whether that competition takes the form of a threat actor lurking on a network or a rival company taking new products to market, collaboration can help security and DevOps teams better protect their organizations and develop innovative technology solutions.

For instance, imagine if a security team investigating the recent Log4Shell vulnerability had access to observability data. Security analysts could better understand the likelihood of Log4j2 being exploited in their application through application performance monitoring (APM) and correlated logs and traces made available by an observability solution. From the other direction, developers can shift left to integrate security early in the development process, avoiding slowdowns and even increased risk from considering security compliance after the fact.

The benefits are there, but converging across silos is easier said than done. How do you get your leaders and their teams on board for closer collaboration? Here are some tips to lean into the future of DevSecOps.

People: Practice incident response with your IT and security teams

It’s a common saying among security professionals that “cybersecurity is a team sport.” Cross-team and even inter-organization collaboration can make or break response to a breach.

This kind of thinking wasn’t always the case. “In the past, monitoring and mitigating security threats throughout an organization may have been seen as the province of an organization’s security team,” writes 451 Research, part of S&P Global Market Intelligence. As data breaches escalate in intensity and cost, threat prevention and response require all hands on deck, from incident responders containing threats to communications teams mitigating reputational damage after a breach to IT teams integrating security into technology development and deployment.

Sports and cybersecurity share common ground with another saying: practice makes perfect. Practice can range in form from employees completing security awareness training to response teams running tabletop exercises. Mandy Andress, CISO of Elastic, recommends this tip for cyber defense: “Having a mitigation plan in place that is rehearsed regularly with your IT and security teams and your executive leadership will make it easier to deliver a swift and intentional response to a data breach disclosure.” Intentionally drilling incident response plans with your security _and_ IT teams helps everyone be prepared.

Process: Streamline processes with a single platform

451 Research points out an overlap of objectives that makes closer alignment between observability and security processes mutually beneficial: “The ability to triage and identify security issues is part of observability, and the ability to act upon and isolate problem infrastructure should be integrated into modern business technology systems.”

Despite common goals, DevOps observability and security data may reside in separate systems. What if the data representing the intersection of security and observability was available to both teams? The power of an integrated approach is that it could weave observability and security teams and processes closer together. It could also provide another layer of data insights, with observability data adding context to logs to show actions, behaviors, and threat actor exploitation techniques.

An integrated platform approach provides opportunities to streamline and scale processes such as investigative work, threat hunting, and threat profiling. It also follows the trend of vendor consolidation that Gartner predicts for 2022, with organizations working to combat the inefficiencies of tool complexity.

Technology: Leverage holistic security and observability solutions for monitoring

Another common saying: People make mistakes. Holistic monitoring tools can help catch potential security exposures in development work before it’s too late. Continuous monitoring is a DevSecOps ideal that has applications for security, auditing, compliance, and performance.

Andress recommends, “Use an external scanning system that continuously monitors for exposed databases.” She continues, “These tools immediately notify security teams when a developer has mistakenly left sensitive data unlocked. There are holistic security and observability solutions that can scan both internally and externally.”

Where to start?

While these three examples touch on people, process, and technology, not all are created equal. To start building collaboration across security and DevOps teams, and gaining the benefits of DevSecOps practices, focus on people first.

The right technology or streamlined processes won’t make as much of an impact on DevSecOps collaboration if roles aren’t filled with skilled talent. Andress advises building teams with individuals who can “creatively apply technology to your environment, adapt defenses to new threats, and communicate to your users with a high degree of empathy.” In addition, leadership needs to be on board for change to happen. Executives such as the CIO and CISO have an opportunity to set the tone at the top.

Once the right teams and clear leadership objectives are in place, then it’s time to ensure there is common understanding of technology and processes. As 451 Research states: “To achieve secure development at the speed of modern IT, cooperating teams must be literate in the tools and tactics essential to maintaining the pace required.” While effecting change is easier said than done, starting to explore where security and observability converge into DevSecOps practices can ultimately help businesses serve and safeguard their customers.

Learn more about the benefits of a unified approach to security.