Alan Zeichick is principal analyst at Camden Associates, a technology consultancy in Phoenix, Arizona, specializing in software development, enterprise networking, and cybersecurity. Follow him @zeichick.
SysSecOps. That’s a new phrase, still unseen by many IT and security administrators – but it’s being talked about within the industry, by analysts, and at technical conferences. SysSecOps, or Systems & Security Operations, refers to the practice of bringing together security teams and IT operations teams to ensure the health of enterprise technology – and having the tools to respond most effectively when problems occur.
SysSecOps focuses on tearing down the information walls, disrupting the silos, that get between security teams and IT administrators.
IT operations staff are there to ensure that end-users have access to applications, and that critical infrastructure is operating 24x7. They want to maximize access and availability, and need the data required to do that job – for example, that a new employee must be provisioned, that a hard drive in a RAID array has failed, that a new partner needs to be provisioned with access to a secure document repository, or that an Oracle database is ready to be migrated to the cloud. It’s all about technology to drive the business.
Same Data, Different Use-Cases
While the use of endpoint and network monitoring information and analytics is clearly tailored to fit the disparate needs of IT and security, it turns out that the underlying raw data is actually the same. The IT and security teams are simply looking at their own domain’s problems and situations – and taking actions based on those use-cases.
Yet sometimes the IT and security teams need to work together. Like provisioning that new business partner: It must touch all the right systems, and be done securely. Or if there is a problem with a remote endpoint, such as a mobile device or a mechanism on the Industrial Internet of Things, IT and security may need to work together to determine exactly what’s going on. When IT and security share the same data sources, and have access to the same tools, this job becomes much easier – and thus SysSecOps.
Imagine that an IT administrator detects that a server hard drive is nearing full capacity – and this was not anticipated. Perhaps the network had been breached, and the server is now being used to stream pirated movies across the Internet. It happens, and finding and solving that problem is a job for both IT and security. The data gathered by endpoint instrumentation, and displayed through a SysSecOps-ready monitoring platform, can help both sides work together more efficiently than would happen with traditional, distinct IT and security tools.
SysSecOps: It’s a new term, and a new concept, and it’s resonating with both IT and security teams. You can learn more about this in a short nine-minute video, where I talk to several industry experts about this topic: “What is SysSecOps?”