Today, every enterprise has a DevOps and IT department struggling to support their company’s ever-expanding technology footprint – a plethora of applications hosted on multiple clouds, numerous endpoints, and legacy equipment. They also need to deal with shadow IT. The perimeters have long been broken, and cyber-threats are becoming more costly, frequent and sophisticated.
A data breach is a perennial risk for every organization, so developing and implementing a holistic IT security and incident management plan is crucial to success. While the specifics of this plan vary from organization to organization, certain high-level concepts should remain the same.
Too many organizations fail to fully understand the coverage and capabilities of their existing security equipment and policies. It’s okay to blame a misconfigured firewall for the last major breach, but organizations should realize that a firewall alone will not protect them from APTs (advanced persistent threats). Weak passwords, stolen devices and social engineering can still cause major damage.
Does your organization’s IT security plan include strong password policies that also require everyone to change passwords on a monthly or quarterly basis? Are your employees trained to recognize spear-phishing attacks? Are your IT and DevOps teams equipped with proper tools that can detect application-layer threats, prevent intrusion, and analyze logs from multiple sources? These are only some of the questions that can help you assess your current level of preparedness against cyber threats.
No IT security plan can offer foolproof security, and that’s why IT security planning is not a one-time effort. You should aim to develop a strategic security plan with short- and long-term objectives and periodic reviews that happen at least annually.
The goal of your security planning should be to identify and learn from past mistakes, make incremental improvements in the security posture, and also develop higher resilience against cyber-attacks. This is why incident management becomes a crucial element of your overall security outlook.
The traditional approach to incident management focused on creating coordinated response processes that resolve issues faster in order to reduce business disruption. Today, however, businesses need 24/7 connectivity. Any downtime affecting mission-critical applications can severely impact customer experience and translate into huge reputational and financial losses. So it’s crucial for businesses not only to plan contingencies but also to use tools that can predict potential business disruptions.
A proactive approach to incident management allows early detection and mitigation of potential threats before they cause major business disruption. It involves using big data and AIOps to analyze all kinds of application and infrastructure logs in order to detect patterns and anomalies and predict potential outages. As a proactive measure, you should also test your incident response plan with tabletop exercises that simulate a breach. Third-party vendors offering breach response services are well placed to run such simulations and surface gaps in your incident management plan.
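The following is an added example of the kind of log analysis the paragraph above describes, written for this page rather than taken from VictorOps/Splunk On-Call. It parses a constructed log format, buckets requests per minute, and flags minutes whose error rate or mean latency departs from a rolling baseline built only from earlier minutes that were themselves healthy (so one bad minute does not poison the baseline for the next). The log lines, thresholds and date are all constructed for illustration.

```python
"""Small-scale proactive log analysis: bucket requests per minute and flag
minutes that deviate from a rolling baseline of earlier, healthy minutes.
Added example with constructed data; not VictorOps/Splunk On-Call code."""
import re
import statistics
from collections import defaultdict

# Constructed log format: ISO timestamp, service, HTTP status, latency.
LINE_RE = re.compile(
    r"^(?P<minute>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}):\d{2}Z "
    r"service=(?P<service>\S+) status=(?P<status>\d{3}) latency_ms=(?P<latency>\d+)$"
)

# Constructed sample: four healthy minutes, then two degrading ones, plus one
# malformed line to show that unparseable input is skipped rather than fatal.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z service=api status=200 latency_ms=100
2024-03-01T10:00:21Z service=api status=200 latency_ms=110
2024-03-01T10:00:41Z service=api status=200 latency_ms=120
2024-03-01T10:01:02Z service=api status=200 latency_ms=105
2024-03-01T10:01:22Z service=api status=200 latency_ms=115
2024-03-01T10:01:42Z service=api status=200 latency_ms=125
2024-03-01T10:02:03Z service=api status=200 latency_ms=100
2024-03-01T10:02:23Z service=api status=200 latency_ms=120
2024-03-01T10:02:43Z service=api status=200 latency_ms=110
2024-03-01T10:03:04Z service=api status=200 latency_ms=110
2024-03-01T10:03:24Z service=api status=200 latency_ms=120
2024-03-01T10:03:44Z service=api status=200 latency_ms=130
this line is deliberately malformed and must be skipped
2024-03-01T10:04:05Z service=api status=200 latency_ms=400
2024-03-01T10:04:25Z service=api status=500 latency_ms=450
2024-03-01T10:04:45Z service=api status=500 latency_ms=500
2024-03-01T10:05:06Z service=api status=503 latency_ms=900
2024-03-01T10:05:26Z service=api status=503 latency_ms=1000
2024-03-01T10:05:46Z service=api status=200 latency_ms=300
"""


def parse_log(text):
    """Return one dict per well-formed line; malformed lines are dropped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append({"minute": m["minute"], "service": m["service"],
                            "status": int(m["status"]),
                            "latency_ms": int(m["latency"])})
    return records


def minute_stats(records):
    """Aggregate records into per-minute request count, error rate, mean latency."""
    buckets = defaultdict(list)
    for r in records:
        buckets[r["minute"]].append(r)
    stats = {}
    for minute in sorted(buckets):  # chronological order
        recs = buckets[minute]
        errors = sum(1 for r in recs if r["status"] >= 500)
        stats[minute] = {"requests": len(recs),
                         "error_rate": errors / len(recs),
                         "mean_latency_ms": statistics.fmean([r["latency_ms"] for r in recs])}
    return stats


def detect_anomalies(per_minute, min_baseline=3, error_margin=0.2, latency_factor=0.5):
    """Compare each minute with a baseline of earlier minutes that were not
    flagged. Returns {minute: [reasons]} for the minutes that deviate."""
    anomalies = {}
    baseline = []
    for minute, s in per_minute.items():
        if len(baseline) >= min_baseline:
            reasons = []
            err_bound = max(b["error_rate"] for b in baseline) + error_margin
            if s["error_rate"] > err_bound:
                reasons.append(f"error_rate {s['error_rate']:.2f} > {err_bound:.2f}")
            lat = [b["mean_latency_ms"] for b in baseline]
            mean_lat = statistics.fmean(lat)
            # Tolerate 3 sigma or 50% of the mean, whichever is wider, so a very
            # flat baseline does not trigger on trivial jitter.
            lat_bound = mean_lat + max(3 * statistics.pstdev(lat), latency_factor * mean_lat)
            if s["mean_latency_ms"] > lat_bound:
                reasons.append(f"latency {s['mean_latency_ms']:.0f}ms > {lat_bound:.0f}ms")
            if reasons:
                anomalies[minute] = reasons
                continue  # keep the bad minute out of the baseline
        baseline.append(s)
    return anomalies


if __name__ == "__main__":
    for minute, reasons in detect_anomalies(minute_stats(parse_log(SAMPLE_LOG))).items():
        print(minute, "; ".join(reasons))
```

Run as a script it reports the two degrading minutes; the first three minutes are never judged because the baseline is not yet large enough, which is the trade-off any such detector makes between start-up blindness and false alarms.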
Today, most organizations have development practices with mature CI/CD pipelines. The boundary between the development and operational roles is increasingly blurred. In this environment, everyone needs to share responsibility for improving delivery speed, security and uptime.
For example, a developer should take responsibility for creating secure applications that handle AAA (authentication, authorization and accounting) in the right order, encrypt and obfuscate critical data, and have gone through vulnerability testing before being deployed to production. Implementing DevOps will help you ensure that development teams plan and develop for live environments. By including developers in on-call routines, you’ll further their accountability and ensure applications are deployed quickly and monitored efficiently for maximum availability.
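What "AAA in the right order" means in code, as an added example that is not VictorOps/Splunk On-Call code: the caller is authenticated first, the action is authorized second, and the outcome is recorded third, for refusals as well as successes. The tokens, roles and routes are constructed; a real service would validate a session or signed token against a secret rather than a dictionary.

```python
"""Request handling in AAA order: authenticate, then authorize, then account.
Added example with constructed tokens, roles and routes."""
import hmac
import time

# Constructed credential store: bearer token -> user.
TOKENS = {"tok-alice-1": "alice", "tok-bob-2": "bob"}
ROLES = {"alice": {"admin"}, "bob": {"viewer"}}
# Constructed policy: (method, path) -> roles allowed. Anything absent is denied.
POLICY = {
    ("GET", "/incidents"): {"viewer", "admin"},
    ("DELETE", "/incidents"): {"admin"},
}
AUDIT_LOG = []  # accounting records, one per request


def authenticate(headers):
    """Step 1: who is calling? Returns a username or None."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    presented = auth[len("Bearer "):].encode()
    # Constant-time comparison so response timing does not help refine a guess.
    for token, user in TOKENS.items():
        if hmac.compare_digest(token.encode(), presented):
            return user
    return None


def authorize(user, method, path):
    """Step 2: may this user perform this action? Deny by default."""
    allowed = POLICY.get((method, path), set())
    return bool(ROLES.get(user, set()) & allowed)


def account(user, method, path, status):
    """Step 3: record what happened, successes and refusals alike."""
    AUDIT_LOG.append({"ts": time.time(), "user": user, "method": method,
                      "path": path, "status": status})


def handle(method, path, headers):
    """Dispatch in AAA order; returns an HTTP-style status code."""
    user = authenticate(headers)
    if user is None:
        # Anonymous callers are refused before any policy lookup, so they learn
        # nothing about which routes exist or who may use them.
        account(None, method, path, 401)
        return 401
    if not authorize(user, method, path):
        account(user, method, path, 403)
        return 403
    account(user, method, path, 200)
    return 200


if __name__ == "__main__":
    print(handle("DELETE", "/incidents", {}))
    print(handle("DELETE", "/incidents", {"Authorization": "Bearer tok-bob-2"}))
    print(handle("DELETE", "/incidents", {"Authorization": "Bearer tok-alice-1"}))
    for entry in AUDIT_LOG:
        print(entry)
```

Reversing the first two steps (checking policy before identity) is the common mistake: an unauthenticated request would then get different answers for known and unknown routes, and a missing policy entry could be treated as "allowed" instead of being denied by default.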
However, a proper, well-rehearsed response is needed whenever a breach or outage happens. This means that, in addition to the internal and external (third-party vendor) tech teams, every stakeholder from the HR, legal and finance departments should always be ready to respond according to a set protocol. There should be explicit communication at all stages, from incident logging to incident closure, with responsibilities clearly defined in advance.
As discussed, the collaboration between different cross-functional teams can significantly improve your organization’s security posture. Also, in an age of continuous everything, continuous monitoring of your applications and infrastructure is vital for business continuity. While this may seem like a daunting task, adopting tools that leverage the advances in big data and automation can make this task significantly easier.
However, it’s important to realize that even though the right tool can go a long way in automating security and incident management processes, a tool is only as good as its user. Human errors (both intentional and unintentional) still remain a big challenge for IT teams. Hence, while investing in advanced DLP, IAM, and SIEM tools is crucial, you should also develop safeguards through employee education and awareness programs.
A centralized view of alerts alongside deep collaboration tools creates a holistic platform for incident engagement. Try a 14-day free trial of VictorOps or register now for a personalized demo to see how DevOps and IT teams are using VictorOps to make on-call incident management suck less.