SecOps "Security Operations" is an approach created to facilitate collaboration between IT security and operations teams and integrate the technology and processes that use it to keep systems and data secure - all to reduce risk and improve business agility.
To understand the origins of SecOps, it is helpful to look at the movement that gave it its name: DevOps. Much like DevOps, SecOps was born in response to the challenges and risks of dysfunctional relationships between two teams. DevOps's development and IT operations teams needed to align their priorities and communications and use integrated automation to deliver software faster and more reliably. In the last few years since its invention, DevOps has become widespread.
Similar to the relationship between development and IT operations before DevOps, the most security and IT operations teams often operate in a state of dysfunction that results in ineffective and inadequate IT security measures. Despite the similarities, SecOps offers unique challenges that cannot be solved with DevOps solutions.
The term DevSecOps has gained significant popularity and attention over the past year. As the term gains popularity, it is sometimes used interchangeably with SecOps. While there can certainly be overlap, there are significant fundamental differences. DevSecOps was invented primarily to integrate security practices into software development, rather than tacking them on as an afterthought.
So it can be said that DevSecOps integrates security into the application development cycle. At the same time, SecOps maintains security and compliance for the IT systems on which those applications and their data reside.
SecOps requires security and operations teams to change how they interact and implement new technologies and processes that give IT security a real shot.
Early proponents of DevOps were quick to emphasize that it is a movement about people, not technology. However, while people are essential, the truth is that culture change (in DevOps or elsewhere) doesn't happen without technology to enable it. For DevOps, that was automation, infrastructure-as-code (IaaC), and the availability of cloud resources, which gave both teams access to the speed and precision they needed to apply DevOps.
Similarly, SecOps teams should look for technology solutions that allow them to define "security policies as code" that can be automatically and globally applied to any newly provisioned IT resource.
As with DevOps, automation plays a critical role in the effective implementation of SecOps.
SecOps teams also need to standardize security incident tracking in an actionable format. In an ideal world, scanning, prioritization, and remediation all take place uniformly in an automated process. iLert's flexible uptime platform lends itself to conveniently map one of the most critical parts of this process, notifying the right person at the right time in the event of a security incident and tracking and documenting the handling activities.