Are IT Teams Too Busy?
IT and security teams are under more pressure than ever. With a massive list of priorities, what should they be focusing on?
IT Teams Are Under Pressure
Imagine a war with one side retreating to the confines of a castle. With the enemy approaching, the king issues orders to produce weapons in greater quantity, train the troops in combat, and repair all chain mail and helmets immediately. When the opposition forces arrive and begin to storm the defenses, the troops are so busy carrying out the king’s orders that they don’t have time to man the ramparts. The castle falls.
Ridiculous as that example may seem, that might be what is happening in some IT organizations, according to the Global CISO Report by Dynatrace. It reveals that many IT and security teams are under so much pressure to accelerate innovation that they face a tough choice. Do they work on speeding up software delivery to meet their long list of deadlines, or do they turn their attention to urgent security matters?
In such circumstances, 64% said they would opt for speed and would focus on the innovation deadlines. This might explain why data breaches and serious security incidents are so commonplace. However, such choices put their organizations at risk as blind spots are left exposed to potential threats, and vulnerabilities are left open for hackers to exploit.
This may be a consequence of a trend that has been going on for twenty years: Demanding IT do more with less. Go back a decade or so and there were separate teams for storage, networking, applications, system administration, databases, and more. Nowadays, fewer and fewer resources are being asked to cover all functions – and manage the cloud, too.
Another reason could be the emergence of agile software delivery approaches that have the goal of speeding up the pace of product delivery and application development. DevOps and DevSecOps practices have achieved success on many fronts. But an unforeseen consequence may be that executives no longer have any patience for IT spending time over vital matters – like security.
DevOps teams are often tasked with ensuring code is free from vulnerabilities as they develop the code. If there is any time pressure at all, it is easy to see how the security side may receive short shrift. Items such as security scans, vulnerability scans, and patching of systems may fall lower down the to-do list.
The Dynatrace report also notes that:
- 89% of CISOs say microservices, containers, and Kubernetes have created application security blind spots.
- 68% of CISOs say the volume of alerts makes it very difficult to prioritize vulnerabilities based on risk and impact.
Automation is the Answer
With IT resources, in some cases, struggling to find the time to fulfill their security responsibilities, automation is the answer. Automation has made great strides in areas such as the cloud, virtualization, and system management.
But security automation tends to lag behind as a way to remove the tedium and repetitive nature of manually dealing with functions such as vulnerability scanning and patching. It can take a while to wade through alerts and logs to isolate potential problems from false positives and noise. Management and process automation are essential.
Automation brings simplicity to multistage tasks such as patching virtual servers. Instead of manually patching a VM guest, rebooting, then patching the host, rebooting again, and then rebooting once more, automation can take care of all functions with one click and replace a great many scripts, too.
Automation takes care of areas like:
- Patch distribution: sending the right patches to the right devices rapidly.
- Patch supersedence: automatically ignoring older patches that are included as part of a newer release.
- Eliminating network overload: If you push Microsoft Office patches out to 300 machines simultaneously, it can stall the network due to the quantity of data involved. Intelligent management platforms send the patch across the wire once to be shared peer-to-peer within the network.
- Mobile devices returning to the office: The system detects their presence, quarantines the devices, checks for compliance, and remediates any issues before allowing them back onto the network.
- Patch approval: Some organizations require various points of approval before patches are released. Good management tools make it easy to set this up once and have it applied automatically thereafter as part of the patching process.
- Audits: Integrated management of vulnerability scanning and patch remediation simplifies the task of gathering up information for audits via drag and drop capabilities.
- Patch roll back: If a patch caused an issue, it should be a simple matter to roll it back without IT jumping through hoops.
- Threat alerts: Intelligent management sifts through enormous numbers of log entries and narrows threats down to the handful requiring urgent attention.
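
To show how the supersedence and approval items above interact, here is an added Python example (not Syxsense code and not part of the original article). The patch IDs, the catalog layout, and the rule that an older patch stays in scope until its replacement is approved are assumptions made for illustration.

```python
# Constructed sample catalog: patch id -> patches it replaces, approval state.
CATALOG = {
    "PATCH-001": {"supersedes": [], "approved": True},
    "PATCH-002": {"supersedes": ["PATCH-001"], "approved": True},
    "PATCH-003": {"supersedes": ["PATCH-002"], "approved": False},
    "PATCH-010": {"supersedes": [], "approved": True},
}


def covered_by(patch_id, catalog):
    """Return every patch that patch_id replaces, directly or transitively."""
    seen = set()
    stack = list(catalog[patch_id]["supersedes"])
    while stack:
        old = stack.pop()
        if old in seen:
            continue  # already visited; also stops loops in bad metadata
        seen.add(old)
        # An older patch may be missing from the catalog; nothing to follow.
        stack.extend(catalog.get(old, {}).get("supersedes", []))
    return seen


def deployable(catalog):
    """Approved patches that no other *approved* patch already includes.

    Assumption of this example: an unapproved newer release does not retire
    the patch it supersedes, so machines are not left unpatched while the
    newer release waits in the approval queue.
    """
    approved = {p for p, meta in catalog.items() if meta["approved"]}
    superseded = set()
    for patch in approved:
        superseded |= covered_by(patch, catalog)
    return sorted(approved - superseded)


if __name__ == "__main__":
    # PATCH-003 is not approved yet, so PATCH-002 is still the one to ship.
    print(deployable(CATALOG))
```

Once PATCH-003 is approved in this constructed catalog, the same function drops both PATCH-001 and PATCH-002, because supersedence is followed through the whole chain.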
How Syxsense Can Help
Syxsense can do all of the above, saving IT personnel valuable time that they can then focus on meeting strategic deadlines. Syxsense Secure combines IT management, patch management, and security vulnerability scanning in one automated solution.
Syxsense Cortex simplifies complex IT and security processes with a drag-and-drop interface. Pre-built templates keep organizations secure without needing large teams, specialists, or scripting.