What is SecOps? (and what are the benefits and best practices?)

(Image credit: Shutterstock)

Security isn’t just a matter for your dedicated SOC team, it’s an organisational-wide responsibility and one that ideally you need to manage through every stage of the business cycle. If you’re developing client software, you don’t want to find yourself implicated in a supply chain attack, and if you are building in-house, custom IT applications, you want to ensure that security is something that is considered from the get-go and continues to be factored in throughout the development cycle.

With businesses increasingly relying on the cloud to manage operations and resources, the security risks posed by applications, endpoints, infrastructure and users become more difficult to visualise and harder to manage and respond to. What is needed is an integrated security methodology. Enter SecOps.

What is SecOps?

Depending on the size and structure of your organisation, SecOps can range from a management methodology implemented across the entire business to one that is implemented in a specific IT project. The key to SecOps is that you bring in security considerations at the earliest, and ideally every, stage of planning and development.

The best way to understand SecOps is to first take a look at its better known counterpart, DevOps, and then consider what happens when we bring security into the equation. With DevOps, you aim to move away from a siloed approach where the development team and operations team work independently. Instead, you bring them together, working as a single, cohesive team that can respond better and faster to business challenges. This is done through integration of tools, practices, and goals, with effective tooling and automation at the heart of the process.

Now let’s add security to the consideration. When security is the focus of everyone involved in a project, from compliance to incident response, you start to enter the realm of SecOps. The fundamental idea is that you integrate security considerations into your Dev and Ops teams, automating security tasks across the development lifecycle, increasing accountability, visibility, and response at every stage.

What are the goals of SecOps?

Ultimately the goal of SecOps is to improve the security posture of the business, its products, and services by introducing security considerations as a shared responsibility. This goal can itself be broken down into a series of objectives.

Building more secure applications means establishing cross-team collaboration, so a major goal of SecOps is to overcome the siloed approach to organisational management. If you already have a DevOps approach, SecOps is a natural bolt-on. If you don’t, management buy-in is crucial to establish a clear roadmap and ensure commitment across the organisation or project.

Raising awareness of how security considerations cut across business operations is a major objective. When every member of the team is a “security champion”, your security posture is improved exponentially and in ways that no number of additional staff to your SOC could provide. As the old saying goes, you’re only as strong as your weakest link, and the goal of SecOps is to ensure that all team members are joining hands across the entire operational playing field.

Automation is the key to simplifying and standardising security operations. Developers don’t want to be told what tools they can and can’t use by security engineers, so a key objective is to ensure that tooling works for everybody. Choose tools with strong and consistent APIs that can be integrated with, and support, your dev, ops and security teams and which can scale as your company or project grows.

What are the benefits of SecOps?

There are several major business benefits of following the SecOps model. With an improved security posture, you naturally reduce the risks of a data breach, increase response times, and raise consumer confidence in your products and services.

On top of that, you can expect productivity to increase as staff benefit from automation, increase collaboration and have more confidence with clearer reporting and accountability.

An integrated security approach should also provide better ROI as automation and shared responsibility reduce the need for expensive security measures such as external human analysts and reduce the cost of staffing an ever-expanding SOC team in a market short of talent.

With security built in at every stage of the development cycle, you’ll be able to patch faster and more often, ship safer and more stable code, and see a decrease in problem reports and downtime.

What are the key roles of a SecOps team?

As security is now a responsibility of every member of the team, it’s critical that everyone understands how security best practices cut across their own processes and workflows.

In order to do SecOps effectively, there’s a need for continuous threat assessment. What does the business need to do to protect itself, what are the major threats and operational weak points? Your security team will be initially responsible for defining and maintaining this, but they need to both share intel, through training, and receive it in an ongoing feed from the rest of SecOps team as operations, products and services evolve.

Consequently, communication is vital, and it needs to be bi-directional and collaborative. Senior management needs to take responsibility for implementing effective communication channels and decision-making processes that are inclusive and support a shared vision of development.

With an increasing amount of endpoints connecting to your cloud assets from outside the traditional network perimeter, ensuring network visibility is crucial to SecOps. Ensure your teams have security tools that don’t require specialist training and which don’t interfere with productivity.

What are some best practices for implementing SecOps?

Implementing SecOps from the ground up is likely something you’ll need to do as a staged process, particularly if you’re not already working with a DevOps methodology.

Begin with a risk audit. What risks affect your company or your new project? This could include threats like malicious or disgruntled employees, supply chain vulnerabilities, industrial espionage or just criminal data theft. However, try to enumerate specific risks in your particular sector and company rather than just a generic threat profile. If you’re starting out on a new IT project, consider what risk factors are involved. Do you have cloud infrastructure properly configured? Who has access to what assets? Are you using 2FA and single sign-on? What operating systems are being used across your devices?

Once you have a risk audit, move on to assessment. For each kind of risk, consider what kind of risk it presents and rank them according to severity, then likelihood. For example, a complete loss of business operations due to an outage of your cloud infrastructure might be the most severe, but how likely is it? On the other hand, a lost or stolen laptop might be highly likely, but what kind of risk would that present? You need quantifiable answers to these kinds of questions.

Ensure you’ve covered the basics of good cyber-hygiene – 2FA, strong passwords, VPN, phishing detection and an automated endpoint solution that all your staff can use. Alerts that go unaddressed can easily miss a critical attack that could turn into a data breach.

Beyond the immediate basics, start building collaborative teams and working practices for the longer term where you implement security processes into the development and operational workflows from the get-go.


With a SecOps approach, security is the responsibility of everyone in the team and across every aspect of the business or project. This leads to products and services with fewer vulnerabilities, better compliance and faster and easier patching. You’ll gain visibility into your entire security posture, improving incident management and response. The ultimate benefits of higher ROI, improved productivity, and greater customer satisfaction are all natural outcomes of adopting a SecOps methodology.

Caleb Fenton, Research and Innovation Lead, Sentinelone

Caleb Fenton

Caleb Fenton is the Research and Innovation Lead at SentinelOne where he and his team analyze threats and research new ways to detect malware and anomalies, map networks, find vulnerabilities, and so on. He's been active in security research for over 15 years and maintains several open source malware analysis tools. His current focus of research is using machine learning and other analysis techniques to find attacks and suspicious activity in endpoint and network behavioral data.