SaltStack Research Finds Automation and Alignment are Critical to SecOps Success
May 2020 by SaltStack
SaltStack® released the findings of its inaugural research survey, The State of XOps Report, Q2 2020. The survey revealed that organizations using software to help IT and InfoSec teams collaborate and align are three times more confident in the effectiveness of their information security efforts.
Despite the obvious security benefits of improving team alignment, 54 percent of InfoSec leaders say they communicate effectively with IT professionals, while 45 percent of IT professionals agree. This was particularly true among respondents working in the financial services vertical where large enterprise teams struggle to collaborate and communicate to secure digital infrastructure.
The survey findings offer additional insight into communication breakdowns and how teams are working together to fix them. In companies where software is being used to help IT and InfoSec teams collaborate, managers are four times more likely to say their IT and InfoSec teams communicate effectively on important tasks. Moreover, these same organizations are eight times more likely to say their IT and InfoSec teams work together, not just communicate, effectively to secure infrastructure.
The survey did reveal two areas of undeniable alignment between InfoSec and IT professionals:
• 70 percent of both InfoSec and IT managers say their company sacrifices data security for faster innovation.
• Both InfoSec and IT managers reported that data protection should be prioritized over innovation, speed to market and cost.
“Even though both IT and InfoSec teams agree security is more important than innovation, DevOps teams are outpacing SecOps teams and we now see rapid innovation with lagging security. This is particularly concerning because it increases the likelihood that infrastructure misconfiguration and known vulnerabilities are more exposed to bad actors,” said Alex Peay, SaltStack SVP of product. “Ultimately, an exploited vulnerability will lead to customer and revenue loss, regulatory violations, and diminished brand trust, which were the most-concerning consequences of a breach to our survey respondents. A security exploit combined with pandemic-induced economic headwinds might be the double black swan scenario that kills a company.”
SaltStack survey respondents estimated that a major data breach would cost their company roughly $707,000, on average. However, even with such high financial stakes, the rift between InfoSec and IT managers is apparent and persists despite the threat to business.
InfoSec managers point at a skills and talent shortage, followed by misconfigured infrastructure and unaddressed vulnerabilities, as the top contributors to risk. IT managers said the highest risk stems from unintentional employee leaks and endpoint attacks.
“A number of recent breaches indicate system misconfiguration and unpatched, known vulnerabilities, particularly of public cloud and on-premises server infrastructure and databases, are the most common cause of data exposure and successful exploits,” said Peay. “There are simply not enough skilled humans to secure digital infrastructure at scale without the force multiplier of security operations automation and improved collaboration among teams. Automation and collaboration are proven to be the difference between a breach and a truly secure digital business.”
Data from The State of XOps Report, Q2 2020 similarly suggests companies that automate security operations eliminate the most tedious and difficult security tasks, as cited by both IT and InfoSec managers, which include:
• Patch management
• Vulnerability prioritization
• Compliance audits
Marc Chenn, CEO of SaltStack, said, “The survey data in The State of XOps Report, Q2 2020 affirms what we’re hearing from our customers every day. We’re at a tipping point for InfoSec driven by the sheer scale of digital infrastructure adoption by businesses of all stripes. We’re in an all-hands-on-deck situation and it is more important than ever for business to get the most out of their essential security and IT operations teams as they collaborate to fix what’s broken. The alternative is not acceptable. SaltStack SecOps products act as a unifying force for IT and InfoSec teams while ensuring effective, automatic remediation and compliance.”