While IT operations and security professionals of various organizations are on the same team, each have their own goals and priorities. IT Ops’ goals are often increased productivity and efficiency, with the purpose of keeping businesses running effectively. Security teams, naturally, are concerned keeping organizations secure from inside and outside threats. To accomplish this, security teams employ and deploy various tools. Unfortunately, some of these tools can be bottlenecks for users, especially IT Ops personnel who are tasked with keeping organizations’ systems running proficiently.
A survey of more than 250 IT Operations professionals was conducted at the 2018 VMworld conference in Las Vegas with the goal of gaining insight into these challenges by discussing security tool usage and experience. The participants were specifically questioned about their integration of security solutions and were asked to describe their organizations’ usage of these products and the difficulties they face.
To little surprise, when security tools are hindrances to users and IT teams, they often go unused — thus making them ineffective and a waste of the organization’s resources. According to the participants, the primary issue with security tools is that these products and solutions are too complicated. More than 64 percent said the complexity of deployment or of daily use is what hinders the tool’s effectiveness the most.
With complexity being the main problem, it’s understandable to see why 44 percent of participants cited ease of use or ease of implementation as the most important attribute of security tools.
Knowing how important it is to simplify tools and their deployment, security teams need to take the concerns of IT Ops teams into account if they want their solutions to be used effectively or even used at all. While highly complex products may offer additional features, if they are not properly implemented, then they likely offer very little security to organizations. Increased collaboration between security and IT Ops teams can help prevent the disconnect.
More “teamwork” between these teams will result in more effective security deployments. Only 21 percent of IT Ops professionals surveyed said they are key decision makers when it comes to selecting security tools. A larger percentage said they are required to use these security tools but aren’t even consulted before decisions are made. By bringing IT Ops personnel to the decision-making table, they are able to ensure their concerns are discussed. This is crucial because it’s the IT Ops personnel who are actually using the tools on a daily basis and can offer a unique and practiced perspective as to the application and capabilities of the tools. This specifically means IT team members should be included in the testing of security solutions before they are adopted to make sure they are not only useful to the organization, but mainly to ensure they can be implemented properly and effectively.
Conversely, IT teams need to make security teams aware of the critical problems they face that require security solutions. One of these major threats is against the credentials and accounts that IT teams supervise. Security for privileged access managed by IT teams is vital to organizations. These credentials are keys to sensitive data, key applications and internal systems. With so much value to gain from penetrating organizations and seizing this privileged access, it is understandable why 80 percent of breaches involve stolen privileged credentials.
In order to defend this salient concern, IT Ops and security teams need to work together develop an action plan for attaining and maintaining security for these privileged accounts. This requires these teams to understand what these accounts are and what the access they have is. Additionally, organizations should implement the principle of least privilege to limit their vulnerability. IT Ops personnel need to understand that they should only be able to access credentials, accounts and systems that are critical to their individual responsibilities.
Well-informed security teams know they need to employ a privileged access management solution to accomplish these goals, which provide organizations with visibility and control over privileged credentials, applications and internal systems.
As we know, simplicity and ease-of-use are central priorities for IT Ops teams when implementing security tools. Naturally, when the participants were asked about considering a solution designed to offer privileged access management, application control and a least-privilege policy, half of those surveyed said ease of deployment or automation were the most important features. Obviously, ease of deployment would mean the alleviation of some of the IT Ops teams’ struggles, but automation is also a significant attribute. A properly automated tool requires less attention from IT personnel.
These features bring us back to the first point: In order for security tools to be effective, they have to be easy to implement and manage for IT Ops teams. Security personnel need to present solutions that are seamless, which will allow the IT Ops teams to deploy and actually use security tools to their optimal level. Greater collaboration between IT Ops teams and security teams will allow each team to accomplish their individual goals and will enable organizations to improve their security defenses without hindering productivity.