I was recently in NY during the week is the 10th anniversary of 9/11. I drove by Ground Zero and realized what they are doing there is illustrative of what has to happen within IT. Where the two towers once stood, they are building a single, taller, larger, stronger tower called the Freedom tower.
Not so long ago enterprises’ data center and security teams didn’t even know each other and were independent silos of responsibility, analytical information and processes. The modis operandi was “never the twain shall meet”! It wasn’t an overnight event, but as businesses became more information centric and less system centric, best practices required the dissolution of those two silos.
Information has to have two attributes, availability and security. Information that is secure but not available is worthless. Information that is available but not secure is suspect. IT had to deliver both. The need for the data center/security merger was probably best demonstrated in 2005 when Symantec (then a pure play security vendor) merged with Veritas, which was all about the data center. Initially the industries on both sides of that aisle scoffed. Since then, EMC has bought RSA, Intel has bought McAfee and IBM has been buying security technologies by the handful.
Six years later, it is simply a given that risk definition and risk tolerance have to include consideration for both. The differences between today and 2005, however, are significant. Today, the craftsmanship of the malware writers is much better; therefore, security in one form or another must be a part of every IT decision. We are dealing with an economy that has pressed IT to squeeze as much efficiency out of the existing infrastructure as possible. With limited IT staff and funding, efficiency in the forms of automation, outsourcing and the redefinition of risk tolerance are now parts of the equation.
Note, at no time have I used the words cloud computing, virtualization or mobility. Those three business functions are the best contemporary indicators of why the lines on an IT’s organizations chart must be dotted, erased or blurred to a faint vestige of what they once were. In their place there needs to be a single, stronger, efficient, effective and secure organization that can resist and repel the attacks your company may be facing.
Not so long ago enterprises’ data center and security teams didn’t even know each other and were independent silos of responsibility, analytical information and processes. The modis operandi was “never the twain shall meet”! It wasn’t an overnight event, but as businesses became more information centric and less system centric, best practices required the dissolution of those two silos.
Information has to have two attributes, availability and security. Information that is secure but not available is worthless. Information that is available but not secure is suspect. IT had to deliver both. The need for the data center/security merger was probably best demonstrated in 2005 when Symantec (then a pure play security vendor) merged with Veritas, which was all about the data center. Initially the industries on both sides of that aisle scoffed. Since then, EMC has bought RSA, Intel has bought McAfee and IBM has been buying security technologies by the handful.
Six years later, it is simply a given that risk definition and risk tolerance have to include consideration for both. The differences between today and 2005, however, are significant. Today, the craftsmanship of the malware writers is much better; therefore, security in one form or another must be a part of every IT decision. We are dealing with an economy that has pressed IT to squeeze as much efficiency out of the existing infrastructure as possible. With limited IT staff and funding, efficiency in the forms of automation, outsourcing and the redefinition of risk tolerance are now parts of the equation.
Note, at no time have I used the words cloud computing, virtualization or mobility. Those three business functions are the best contemporary indicators of why the lines on an IT’s organizations chart must be dotted, erased or blurred to a faint vestige of what they once were. In their place there needs to be a single, stronger, efficient, effective and secure organization that can resist and repel the attacks your company may be facing.
Neils Johnson
Security@acgresearch.net
www.acgresearch.net
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.