Virtualization Technology News and Information
SaltStack 2020 Predictions: Security Operations (SecOps) in 2020 - Automate, Comply, Protect

VMblog Predictions 2020 

Industry executives and experts share their predictions for 2020.  Read them in this 12th annual series exclusive.

By Thomas Hatch, CTO and co-founder, SaltStack

Security Operations (SecOps) in 2020 - Automate, Comply, Protect

There is a pervasive belief in the industry that poor cyber hygiene practices are rendering security efforts ineffective in today's IT environments. While poor hygiene may be a symptom, it is not the true root cause. In many regards we're faced with issues of human capacity, crippling workloads, limited technical know-how, the increasing speed of innovation and expanding regulatory landscapes, which make proper hygiene an almost insurmountable challenge. But these are the conditions we must confront as we look to the future of infrastructure security operations.

Year after year, cybersecurity stakes grow but breaches, exploits and attacks continue to vex IT and security organizations and the businesses they serve. According to Gartner, 99% of exploits occur on systems with vulnerabilities or misconfigurations known to IT teams. Not only are these vulnerabilities known, but they also have fixes or patches available - an intimidating statistic that tells us a lot about the challenges faced by security operations teams in the enterprise. Security and IT teams know where the vulnerabilities are, but lack the ability to protect their organizations due to the sheer scale and complexity of the task at hand. It's through this frame of reference that we must look to 2020 as an opportunity to refine our approach to SecOps to take control of basic cybersecurity hygiene so we have a fighting chance to protect our businesses and our customers' data.

So how do we get there? We start by thinking about force multiplication and automation - doing more with the resources we have and exploiting the foundational infrastructure and technologies on which we've already built our businesses. As such, it is critical to familiarize ourselves with several key concepts that can help ensure that any organization is prepared to mitigate evolving security and compliance conditions as IT environments grow in scope and complexity:

  • Hyperautomation: Hyperautomation is the combination of machine learning (ML) and automation to deliver workloads with optimal efficiency and effectiveness. Applied to IT security, hyperautomation offers the ability to tackle pervasive SecOps challenges like continuous compliance and security remediation at enterprise scale. There is an added organizational benefit too: hyperautomating SecOps helps to insulate an organization from liabilities associated with security threats and non-compliance and the damage they can cause the business.
  • Cognitive Human Augmentation: Human augmentation creates both cognitive and physical improvements to the human experience through the amplification effect of technology. Cognitive augmentation specifically refers to the ability to improve human performance through access to information and applications within traditional IT systems. In SecOps, this should come in the form of rich intelligence meant to assist IT and security teams with decision making in the form of threat intel, CVE advisories, system scans, remediation workflows and other forms of security content that can be used to address vulnerabilities and perform continuous compliance scans automatically. There aren't enough humans in the world to do this job effectively.
  • AI Security: Artificial intelligence (AI) is a key force multiplier for IT and security teams, and it can be applied in a number of ways within a single IT stack. Applied to SecOps, AI security should be all about looking in the darkest parts of the shadows of data for anomalies that might otherwise be missed. While hyperautomation and augmentation allow SecOps teams to get to the work of production infrastructure security and cyber security hygiene that is otherwise impossible at scale, AI security is meant to continually monitor the zeitgeist of data to inform security measures, enhance defenses, protect key systems and mitigate the external threat of malicious actors.

The fact is most of the money and resources spent on security and compliance go toward tools that can only show security and IT teams the vulnerabilities and security issues found in an environment, but can do nothing to fix or remediate the issue. This is akin to a product that only tells you that your house is on fire but does nothing to actually put it out. Hopefully, security and operations teams have not been burned so many times that they've become desensitized to the continuous threats of fire at the door.

We are at a juncture where we have the technologies and vision to end the "poor hygiene" excuse creating continued security missteps and malaise. We need to apply innovation that reaches across IT operations and security teams to foster collaboration, process improvement and the embrace of automation. Getting comfortable with the terms above, at least in concept, is a starting point, but the real work (and the real benefits) will come from putting the right pieces in place to create a fully functioning, automated approach to SecOps that will support your organization.


About the Author

Thomas Hatch 

Thomas Hatch is the creator of the Salt open-source software project and the CTO of SaltStack, the company behind Salt. He has spent his career writing software to orchestrate and automate the work of securing and maintaining enterprise IT infrastructure from core data center systems to the very edge of the network and IoT. Thomas built fully automated, secure IT environments for the U.S. intelligence community in addition to decades of experience implementing global infrastructures for the largest businesses in the world. Thomas' knowledge and hands-on experience with dozens of new and old infrastructure management technologies helped establish the vision for SaltStack. He has shared his knowledge of IT security and management automation with tens of thousands of practitioners at more than 100 industry events. Thomas and SaltStack have been recognized with numerous awards ranging from open source community growth to innovation in automation and cybersecurity. For his work on Salt, in 2012 Tom received the Black Duck "Rookie of the Year" award and was named to the GitHub Octoverse list in both 2012 and 2013 for leading a project with the highest number of unique contributors, rubbing shoulders with projects from Android, Mozilla, and OpenStack. More recently, SaltStack SecOps was chosen by CSO Magazine as one of the hottest new products at RSA Conference 2019. 

Published Thursday, January 30, 2020 7:33 AM by David Marshall