SaltStack Report Finds Automation and Alignment are Critical to SecOps Success

May 6, 2020

SaltStack, the creators of intelligent automation for security operations and IT teams, released the findings of its inaugural research survey, The State of XOps Report, Q2 2020. The survey revealed that organizations using software to help IT and InfoSec teams collaborate and align are three times more confident in the effectiveness of their information security efforts.

Despite the obvious security benefits of improving team alignment, 54 percent of InfoSec leaders say they communicate effectively with IT professionals, while 45 percent of IT professionals agree. This was particularly true among respondents working in the financial services vertical where large enterprise teams struggle to collaborate and communicate to secure digital infrastructure.

The survey findings offer additional insight into communication breakdowns and how teams are working together to fix them. In companies where software is being used to help IT and InfoSec teams collaborate, managers are four times more likely to say their IT and InfoSec teams communicate effectively on important tasks. Moreover, these same organizations are eight times more likely to say their IT and InfoSec teams work together, not just communicate, effectively to secure infrastructure.

The survey did reveal two areas of undeniable alignment between InfoSec and IT professionals:

70 percent of both InfoSec and IT managers say their company sacrifices data security for faster innovation.
Both InfoSec and IT managers reported that data protection should be prioritized over innovation, speed to market and cost.

“Even though both IT and InfoSec teams agree security is more important than innovation, DevOps teams are outpacing SecOps teams and we now see rapid innovation with lagging security. This is particularly concerning because it increases the likelihood that infrastructure misconfiguration and known vulnerabilities are more exposed to bad actors,” said Alex Peay, SaltStack SVP of product. “Ultimately, an exploited vulnerability will lead to customer and revenue loss, regulatory violations, and diminished brand trust, which were the most-concerning consequences of a breach to our survey respondents. A security exploit combined with pandemic-induced economic headwinds might be the double black swan scenario that kills a company.”

SaltStack survey respondents estimated that a major data breach would cost their company roughly $707,000, on average. However, even with such high financial stakes, the rift between InfoSec and IT managers is apparent and persists despite the threat to business. InfoSec managers point at a skills and talent shortage, followed by misconfigured infrastructure and unaddressed vulnerabilities, as the top contributors to risk. IT managers said the highest risk stems from unintentional employee leaks and endpoint attacks.

“A number of recent breaches indicate system misconfiguration and unpatched, known vulnerabilities, particularly of public cloud and on-premises server infrastructure and databases, are the most common cause of data exposure and successful exploits.” said Peay. “There are simply not enough skilled humans to secure digital infrastructure at scale without the force multiplier of security operations automation and improved collaboration among teams. Automation and collaboration are proven to be the difference between a breach, or truly secure digital business.”

Data from The State of XOps Report, Q2 2020 similarly suggests companies that automate security operations eliminate the most tedious and difficult security tasks, as cited by both IT and InfoSec managers, which include:

Patch management
Vulnerability prioritization
Compliance audits

Marc Chenn, CEO of SaltStack, “The survey data in The State of XOps Report, Q2 2020 affirms what we’re hearing from our customers every day. We’re at a tipping point for InfoSec driven by the sheer scale of digital infrastructure adoption by businesses of all stripes. We’re in an all-hands-on-deck situation and it is more important than ever for business to get the most out of their essential security and IT operations teams as they collaborate to fix what’s broken. The alternative is not acceptable. SaltStack SecOps products act as a unifying force for IT and InfoSec teams while ensuring effective, automatic remediation and compliance.”

For additional data and insights, download The State of XOps Report, Q2 2020 today.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.

Many of the security screening standards in use today were put in place decades ago. They addressed the threats at the time and employed the security screening equipment that was available.

Poll

Recruiting Diverse Candidates

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

SaltStack Report Finds Automation and Alignment are Critical to SecOps Success

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

SaltStack Report Finds Automation and Alignment are Critical to SecOps Success

Related Articles

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.