Eliminating Misunderstandings Between Information Security and IT Operations

Puppet
Published by: Research Desk Released: Nov 26, 2019

Key misunderstandings get in the way of cooperation and better vulnerability remediation.

Why can’t your security and IT operations teams see eye‑to‑eye?

Why aren’t security vulnerabilities remediated immediately?

When organizations maintain a division between IT operations and information security, different methodologies, tools, and processes lead to a lack of collaboration. While IT operations focus on making information available by maintaining and improving virtual and physical infrastructure, it can often seem like security teams work to obscure information and reduce availability through strict access controls and policies.

These different approaches lead to different processes, creating significant issues in organizations when it comes to remediating vulnerabilities and addressing compliance. There are more misunderstandings. As a result, progress is slower, less efficient, and more expensive than it has to be.

Vulnerabilities: Exposed and exploited

Because of the breakneck pace at which vulnerabilities can be exposed and exploited, security teams are required to use sophisticated tools to scan, test, and audit networks, systems, and services. However, most IT operations teams still use many manual processes to remediate detected vulnerabilities. This gap between detection and remediation of vulnerabilities slows down the entire workflow, making it inefficient and consequently exposing the infrastructure to external attacks.

There are more vulnerabilities being exposed than ever before. In 2018, the number of new vulnerabilities increased by 23% compared to 2017, and by 162% compared to 2016. In order to keep infrastructure safe and secure, IT operations and security teams must align their efforts to track vulnerabilities, detect them, and remediate when needed.