Integrate Cybersecurity Incident Response in DevSecOps
This article examines the need for cross-functional integration and integrated communication between development and security teams to prevent communication dead zones and avoid delays in alerting and remediation.
In today’s age of fast-moving people, processes, and teams, businesses need to stay one step ahead of the curve. This means balancing a system committed to the company’s mission, while also having a vision that’s dynamic and agile enough to remain innovative and react to change.
Developing efficient enterprise software is like competing in a relay race: from requirement gathering to development, deployment, monitoring, and support, many individuals with varying skill sets must work together efficiently to get the app to the finish line. But shipping the app is one thing; making sure it's secure enough to handle business needs without constant reconfiguring is another. When it comes to successfully incorporating security throughout the build process without slowing down workflows, collaboration and integrated communication are vital.
This article will dive into the role, purpose, and processes of a successful DevSecOps operation.
What Are Cross-Functional Processes?
Cross-functional processes are projects and tasks requiring teams to develop, deliver, monitor, and support a standard product or fulfill a common goal. These teams — which can include company employees, freelancers, or client representatives — all play a role in the successful development, deployment, and operation of an application.
Using our relay race analogy, these teams are the individual athletes who must work together to win the race. An organization can have as many teams as it requires, but each team must have relevant skills and information to achieve a successful cross-functional process.
A typical cross-functional process involves teams such as:
- User interface and user experience
- Quality analysts
- Software developers
- Incident response team
Though differently skilled, there’s usually a significant overlap between the responsibilities of individual teams actively involved in delivering the finished project. This makes having an effective cross-team communication system necessary.
For example, the computer security incident response team may have to analyze the activities of a potential threat to several assets that different teams may manage. Then they’d communicate with those teams through established communication channels.
What Is Integrated Communication?
Integrated communication is a communication system that ensures the smooth flow of real-time information in all relevant communication channels in an organization. We use many different tools to communicate and stay abreast of project, team, and organizational development. For example, we often use Jira to stay on top of our software’s development life cycle, Git for version control, Jenkins for continuous integration, Confluence for collaborative creation, and Slack for team correspondence.
Why Should We Facilitate Cross-Functional Communication?
In a crisis or security incident, the success of our mitigation strategies hinges strongly on how soon we begin to implement our crisis and incident management procedures. The singularity of functional teams often means that they can use any communication stack of their choice. The downside of this is that it can prevent prompt access to information by members of different teams. This means data can end up siloed in a single team’s communication stack. Even if we have instituted a proactive response plan, it will be ineffective if we can’t promptly pull information from anywhere needed.
We can avoid this by integrating and preserving information in our various communication tools. Incident management procedures are unique to the business processes of the organization, not individual teams. Communication tools should enable it — not limit it.
Incident remediation is a cross-functional process. It should be possible to make information available so that teams can pick up the relay baton, do their part, and hand it off to ensure timely incident remediation. When we efficiently integrate our communication tools, team objectives are more transparent, reducing communication silos. They make decision-making faster because information gets to all the respective persons promptly.
Best Practices for Integrated Communications
Though it’s possible to limit access to certain information, it’s essential to have end-to-end communication solutions. The following best practices will help ensure that we stay on the right track when integrating our communication processes.
Develop Methods for Quick Conflict Resolution
It’s essential to be proactive about our internal and external communication processes in any incident by developing an incident communication management plan. A well-thought-out plan needs the right integration tool to ensure a smooth process. Some organizations only pay attention to external communication, such as clients and the media. We also need to include an internal communication procedure in our plan to establish an unambiguous way of determining who is responsible for kicking off remediation and how to proceed responsibly.
Returning to our relay example, every runner must know when to run. We can’t complete the race successfully with runners overlapping — or worse, everyone assuming it’s someone else’s turn. A clear internal communication plan ensures everyone always knows who’s holding the metaphorical baton and to whom they should hand it off. Situation management requires a series of responses. Mission-critical business processes, crucial infrastructure, and essential assets might be affected, and a business continuity plan is necessary to preserve operations during a crisis. With proper communication management, organizations can remediate crises as quickly and efficiently as possible.
Also, internal communication procedures need to specify how and what information to share with stakeholders, who should share what information, and when it should be shared.
The only way to avoid an incident turning into a crippling event is by having a strategy that enables us to respond even before we can fully grasp the situation. Such a strategy might mean:
- Having a contingency plan and infrastructure
- Making improvements where necessary
- Having a “first aid” response that might precede a more comprehensive mitigation strategy as part of the overall response plan
A first-aid response would primarily require identifying, protecting, or isolating our most critical infrastructure, resources, and assets.
Finally, we should avoid unnecessary overhead as much as possible. Every part of the plan should be straightforward and directly relevant to the resolution of the incident. Ultimately, the sooner we respond to a crisis, the faster we can resolve it and incur less damage.
Provide Best-In-Class Tooling Integration
A well-thought-out plan needs the right integration tool to ensure a smooth process. Even the most thorough plans can be useless if you don’t have the method to communicate efficiently across different teams.
Ideally, you want a tool that is integrated with your security solution, so everyone, no matter their role, is notified of an event at the same time. Trend Micro Cloud One™ is a security services platform comprised of seven solutions.
By leveraging a platform, you gain visibility across all your security needs, from file storage, to compliance, to open source code. And, if any of the solutions detect a potential attack, they all integrate with your communication tool of choice to push notifications. Think of Trend Micro Cloud One as your one-stop-shop for all your modern cloud app needs, including efficient, integrated communication tools.
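As an added example (not code from the original article or from any Trend Micro product), the following Python shows the routing step described under cross-functional processes and tooling integration: one alert is fanned out to every team that owns an affected asset, every team is notified at the same timestamp, and any asset with no recorded owner falls back to the incident response channel so nothing lands in a communication dead zone. The asset names, teams and channels are constructed for illustration.

```python
"""Fan one security alert out to every team that owns an affected asset."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple

# Constructed ownership map (hypothetical values): asset -> (owning team, channel).
ASSET_OWNERS: Dict[str, Tuple[str, str]] = {
    "payments-api": ("software-developers", "#dev-payments"),
    "checkout-ui": ("ui-ux", "#ux-checkout"),
    "staging-db": ("quality-analysts", "#qa-staging"),
}
# The incident response team always receives the alert and holds the baton first;
# assets with no recorded owner are routed here instead of being dropped (constructed name).
FALLBACK_OWNER: Tuple[str, str] = ("incident-response", "#csirt-oncall")


@dataclass
class Notification:
    team: str
    channel: str
    assets: List[str]       # affected assets this team is responsible for
    baton_holder: bool      # True for the team expected to act first
    issued_at: str          # identical for every team: everyone is told at once


def route_alert(alert_id: str, affected_assets: List[str],
                owners: Dict[str, Tuple[str, str]] = ASSET_OWNERS,
                fallback: Tuple[str, str] = FALLBACK_OWNER,
                now: Optional[str] = None) -> List[Notification]:
    """Group affected assets by owning team and build one notification per team."""
    issued = now or datetime.now(timezone.utc).isoformat()
    by_team: Dict[str, Tuple[str, List[str]]] = {}
    for asset in affected_assets:
        team, channel = owners.get(asset, fallback)   # unknown asset -> fallback team
        by_team.setdefault(team, (channel, []))[1].append(asset)
    ir_team, ir_channel = fallback
    by_team.setdefault(ir_team, (ir_channel, []))      # IR team is always on the list
    notes = [Notification(team, chan, sorted(assets), team == ir_team, issued)
             for team, (chan, assets) in by_team.items()]
    return sorted(notes, key=lambda n: n.team)


def render(alert_id: str, note: Notification) -> str:
    """Format one notification as the line a chat integration would post."""
    baton = "yes" if note.baton_holder else "no"
    return (f"[{alert_id}] {note.channel} ({note.team}) assets={note.assets} "
            f"baton={baton} issued={note.issued_at}")


if __name__ == "__main__":
    for n in route_alert("ALERT-EXAMPLE-1", ["payments-api", "unknown-box", "staging-db"]):
        print(render("ALERT-EXAMPLE-1", n))
```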
Integrated communication is necessary to prevent communication silos in organizations with cross-functional teams. Integrated communication is vital for timely and efficient remediation during security incidents. To do it right, we need best-in-class tooling integration and a conflict resolution plan that is transparent to every organization member, straightforward to implement, and efficient.