The recent CrowdStrike incident has highlighted the need for better cooperation between SecOps and IT infrastructure operations teams in order to ensure more resilient IT security practices. Rich Lane, an industry veteran with extensive experience in the tech sector, emphasized the growing divide between these two subdisciplines over the past decade.
Drawing on his background as the IT director for the City of Medford, Mass., as well as his previous roles in digital operations strategy and data security, Lane pointed to the aftermath of the Sony Pictures data breach as a turning point. Following the breach, there was a surge in demand for increased security measures, leading to the evolution of the Chief Information Security Officer (CISO) role and a greater separation between security and operations.
The recent CrowdStrike outage served as a stark reminder of the disconnect between IT security teams responsible for selecting tools and infrastructure operations teams tasked with supporting those tools in a production environment. While the incident was not the result of a cyberattack, it underscored the challenges faced by operations teams in managing security tools that they did not choose to implement.
Lane stressed the importance of bridging the gap between CISOs and CIOs to align security objectives with operational realities. He emphasized the need for better communication between vendors and customers during incidents, as well as the importance of accounting for the human factor in both cyberattacks and IT outages.
In addition to the responsibility of enterprise IT buyers, Lane called on software vendors to take ownership of their mistakes and communicate openly with customers in the event of an incident. He urged vendors to be transparent about any errors and to demonstrate a commitment to resolving issues promptly and effectively.
Looking ahead, Lane emphasized the need for SecOps and IT operations teams to collaborate on developing more resilient security practices and addressing the challenges posed by complex IT environments. By working together and fostering a culture of shared responsibility, organizations can enhance their ability to respond to security incidents and prevent future disruptions.
As the industry continues to evolve, the collaboration between SecOps and IT operations will be crucial in ensuring the effective and efficient management of IT security tools. By building stronger relationships and embracing a proactive approach to security, organizations can better protect their systems and data from the evolving threat landscape.