

10:00 AM
Kevin O'Brien

The Rise Of SecBizOps & Why It Matters

By aligning security dollars and technology with core business requirements, infosec can become a business enabler, not a business impediment.

The term "DevOps" was popularized in 2008 in reference to the cultural movement that emphasizes collaboration and communication between software developers and IT leaders while automating software delivery and infrastructure changes. The goal of the DevOps movement was to break down the informational silos to make software development, testing, and releasing faster and more reliable. 

Eight years later, we have found that the DevOps movement must be expanded to incorporate the growing importance of cybersecurity. We are now in the era of "SecBizOps" – a crucial next step in protecting sensitive information from increasingly advanced and destructive cyberattacks.

The widespread adoption of cloud services over the past five years has driven a populist shift in the business technology landscape; as organizations flock to the cloud and embrace productivity-boosting tools like mobile corporate messaging and email platforms, business apps have become increasingly democratic, empowering a rapidly expanding base of ordinary users to communicate and collaborate with ease. This growing transfer of business activities and data to the cloud has given rise to the demand for SecBizOps.

SecBizOps applies the DevOps philosophy to breaking down informational silos between IT and departments like finance, marketing, and sales. The goal is to natively integrate a frictionless information security strategy into user workflows, one that complements rather than conflicts with technology-centric security investments.

Furthermore, SecBizOps uniquely tackles today’s toughest IT and cybersecurity challenges, namely:

  • Supporting always-on employees and their systems;
  • Supporting mobile devices and BYOD: the always-on access to critical business infrastructure results in the disappearance of a concrete perimeter; 
  • Improving user experience: the increase in technology’s use and ease of use brings with it greater UX expectations. If security is too complicated and requires too much deviation from their usual workflow, employees will find a way around it;
  • Protecting employees: the rise of social engineering/non-payload attacks means that just securing systems isn’t enough anymore. Organizations must secure humans as well. 

Why SecBizOps Matters
In this environment, IT and security teams must work together to make cybersecurity strategies integrated, automatic and visible to the business users themselves. However, many of them do not know how to do this effectively.

The key to stopping cyberattacks is not more tools but adopting a shift in mindset instead. One of the trends we see is that bolstering detection capabilities is more effective when coupled with automated response capabilities and preventive controls that inform and guide behavior rather than prohibit users from working. For the average end-user, security should be front and center, but only when security is relevant.

Security awareness training also needs to be re-tooled. Instead of simulating false attacks, IT and security teams need to find better ways to alert users in the moment that they are exposed to real ones – and give them the tools to get involved and help make a difference in their own security.  

As part of this evolution, IT and security teams must keep in mind that SecBizOps is a cultural shift and not yet another tool that promises more than it delivers. The current, outdated mindset has led IT leaders to invest billions in perimeter-based security solutions and training, despite the near-complete erosion of the traditional perimeter as we know it. These integrations are complex, highly expensive, and ultimately ill-suited to address the most effective low-volume, hyper-targeted types of attacks that we see today.

Tom Shultz of Gartner Research pointed out at last year’s Security and Risk Management Summit in London that the paradigm for training, behavior-shaping, monitoring, and employee-enabling technologies will shift as organizations respond to a technological landscape that embraces cloud services, mobile access to corporate messaging and email platforms, as well as growing freedom for employees to use technology in new ways.

Getting Security to "Just Work"
This shift puts SecBizOps on the front line of enterprise security because users – especially non-technical users – increasingly expect security to "just work." In other words, security that is timely, comprehensible, and minimally obstructive will be effective; security that impedes business will not.

But adopting SecBizOps is not as daunting as one may think. First, security and IT teams should take a risk-management approach to their entire security landscape. By implementing security where it will have the highest return-on-investment — for example, by identifying the types of risks that most often lead to large or frequent breaches or loss within your industry or across the market as a whole, and addressing those areas first — it is possible to interweave security into the systems that most need protection.

The simple fact is that nobody really likes security except security professionals. By aligning information security spend and technology with the core requirements of the business, it becomes a business enabler, rather than a business impediment. As one CISO put it in a case study we performed some years ago, this alignment of need and technical capacity is akin to "getting out of the business' way, but ensuring that the right protections are in place to keep it on the right path even as its speed increases."

The technological landscape will change, first and foremost. What we see today as the systematic set of interaction points between executives, trusted partners, and vendors (email, chat, CRM, web, social, etc.) is incredibly dynamic. One of the challenges for a SecBizOps-aligned team is thinking not in terms of point solutions for technologies, but rather in terms of the hub-and-spoke model of infosec. 

This is a view in which data (the hub) is accessed by myriad platforms and products (spokes). Security that exists at the center of the model and protects against types of threats becomes a scalable center, whereas products that focus on the deficiencies or vulnerabilities of spoke-level technologies are commoditized at best, and distracting at worst.

We see the foundation of a SecBizOps approach to be around securing against deception-based attacks. Two years ago, the term was "targeted attack protection," which doesn't adequately convey the character of the kinds of threats that business users face from attackers in the wild. Instead of thinking about targets, SecBizOps looks at tactics, and informs a security approach that aligns to those tactics more directly than in previous generations.

Kevin is GreatHorn's CEO and Co-Founder. With a background in the cybersecurity industry that began in the late 1990s with the seminal security firm @stake (now Symantec), Kevin has held multiple senior executive roles in Boston-area startups, and is a frequent speaker and ...

12/2/2016 | 9:51:16 AM
Awesome article, Kevin!