SecOps vs. DevOps in the Information Age

SecOps vs. DevOps in the Information Age

Information is varied and complex, involving many data types, structures, and protocols for different types of data sets. This increases challenges for SecOps and DevOps when considered to scale across complex architectures often involving both bare metal and virtualized infrastructure for an organization. The ability to transform and integrate is key over the next decade. How SecOps and DevOps work together or compete with one another, is essential towards a successful business transformation. In every organization globally, these groups have enormous challenges ahead of them as we consider the changes facing the industry today.


Big Data Creates Big Challenges


The sheer volume of data seen on a network in 2018, let alone file system, is staggering even for a smaller organization. This is one of the reasons why ransomware works so well because, so few organizations have a well-defended network let alone a redundant, tested, effective backup solution that can help recover from such an attack. However, big data is much larger than just volume; it involves many different protocols and data types and a need for data classification. Few organizations have mastered all of the elements required to manage such big data. The challenges of big data only increase over time with all the information that is now available from personal devices, monitors, IoT, the complexity of the cloud, and others.


The Real Impact of Virtualization & Containers


We have all grown tired of our entire system crashing when there is an unexpected bug or process call. Welcome to the new age, where we live on our phones and tons of apps. When an app crashes, it’s very simple to reopen it and get back to business. Why? Because it is more modular, it is more stable as an operating system and easier to control regarding updates and management to any individual app. The advent of containers in the past few years will change how we do business going forward. We’ve moved beyond Docker to Kubernetes, effectively advancing past the desktop to an enterprise architectural change and deployment management model. These virtualized solutions offer great promise, like that of a mobile phone in many regards, but also significantly increase the complexity of integrated containers (similar to apps on a phone) and their use of a system. The author doesn’t even know how many apps are on his phone and which have access to specific tokens or contacts, and neither will SecOps and DevOps in a future world with dozens or hundreds of containers within an enterprise network. The world of one major application that everyone uses to get their job done is gone, with smaller apps for utilitarian functions reigning in our future. This is a nightmare to manage when one considers the technical and architectural integration of permissions integration between containers to prevent lateral movement and abuse by insiders and rogue external attacks.


Agile Computing & Millennials


For the past few years, agile computing has gained popularity over the more traditional Software Development Life Cycle (SDLC) because of how flexible and affordable it can be. In reality, the majority of this is done in short sprints with little to no long-term strategic effort which can lead to a breakdown of architectural control and design. Over time such agile solutions become highly dysfunctional and reactive. This is especially true when dealing with a new generation of Millennial programmers who struggle with long-term strategic focus and creation of context. SDLC can also be far too slow and wieldy but offers excellent structure and strategic focus.  Organizations need a hybrid solution to position the strategic goals while handling reactive needs of an organization. All too often SecOps is brought in well after DevOps is completed with the creation of a new service or solution. Often this can result in an adversarial role between the two organizations, with SecOps asking for features and requirements that are then, at that late stage, expensive or difficult to include in DevOps.


How Good is Your Governance?


Remember the days when it was said in security that the attorneys, HR, and other stakeholders needed to be involved in the pre-planning and actual incident response and war room events for a company (e.g., a breach)? There is still that same need when it comes to having SecOps and DevOps work together – from the very beginning through the life cycle of development – to ensure affordable, transparent success. It’s hard to manage people, process, and technology. It’s even harder to integrate across teams with different values, culture, and focus. This is a big ask that is not done well by most in the industry.


DevOps is all about cranking out new code, new solutions, and services promptly as dictated by leadership. All too often corners are cut when the pressure is on, or a DevOps individual is incentivized to finish by a specific date. While DevOps often does care about and wants to include more security solutions they are frequently highly limited by management to do so. Real security will involve SecOps and a lot of time and demands by including all stakeholders, development, operations, testing, support and so on. Time is one reason why so many organizations fail to govern effectively, especially between teams like SecOps and DevOps. 


Closing Comments


Some argue that DevOps and SecOps should be merged. Others say that DevOps only exists for large organizations. The reality is the infrastructure, integration, and way we do business has radically changed with the advent of the information age. DevOps and SecOps must stay separate to protect their individual cultures, focus, and values. When they are one team, you lose the value of separate teams with specialized functions and measures of effectiveness. Most organizations, big and small, will need some sort of DevOps support in the future because of how the industry is changing and moving towards a multitude of smaller applications and integration with clients and other business partners.  


Great management of DevOps and SecOps can only occur from the top down, with leadership expectations towards a security context.  This means that leadership must also afford the appropriate resources, especially time, for this context to be fully matured with any project. A hybrid approach of both SDLC and Agile can work great as long as the focus of security and coordination of key stakeholders is in place from the initiation of a project.

Ken Dunham
Senior Director, Technical Cyber Threat Intelligence
Ken Dunham has spent 30 years in cybersecurity, consulting in adversarial counterintelligence, forensics, Darknet Special Ops, phishing and hacking schemes, AI/BI, machine learning and threat identification.