In other words…I got it, you take it!
Lately I’ve seen many customers struggling with how to spend their very limited IT budgets. Everyone says Security is top of mind , but since security tools are often looked at as an insurance policy, and appear to do little to help IT satisfy their SLA’s, or align with the companies objectives (Customer acquisition/retention, improved product margins), it is a tough decision to spend hundreds of thousands of dollars on a tool that will only help one aspect of the organization.
What most IT Directors are telling me, is that they have “many tools, but no big picture”. They don’t know how to streamline their operation (do more with less), while making it more “user friendly” and effective for multiple teams to address IT Services.
Often times, Security Operations and IT Services use completely different metrics, and tools to measure those metrics. Network ops have performance monitoring tools, Security ops have SIEM, Server teams have Application Monitoring tools, and on and on. Add to that teams who are tasked with tracking user identity and activities or locations and the unfortunate help desk personnel who have no ghost buster to call, even though they are the front line of IT.
Large (and I mean very big) companies have the luxury of having hundreds of people who use dozens of disparate tools to detect and identify events that could cause harm to the company, or at least disrupt user productivity. These companies have built their operation over long periods of time around groups of individuals who are comfortable with their favorite “tool de jour”. Many times, these groups have been created through acquisitions, so they are really still speaking different languages and not communicating effectively.
That is not to say the IT Director doesn’t feel the pressure to do more with less, but it is a lot tougher to introduce innovation and change in a very large organization, so they are often motivated to not “rock the boat” and to continue down the same path that got them into this situation in the first place.
Mid-market companies have many of the same issues and concerns, the problem for them is often greater since they may only have a fraction of the headcount doing everything from monitoring the network, securing databases, resetting passwords, installing patches on web servers, even adding new devices or changing configurations on existing devices. In fact, they are also the Help Desk for the entire company. Many of these companies operate under the same regulations as their larger counterparts and therefore feel even more pain and must do more with less of everything.
At their worst, some events can actually take down revenue producing e-commerce web sites for minutes, hours, or days. At best, using disparate tools to monitor these activities only complicates accountability, and does not serve to align IT with Business goals and objectives. During an outage of any kind and for any reason (including maintenance), IT is under pressure to report who did what, where, how, and hopefully why this disruption occurred, and frankly how can the disruption be avoided in the future.
In my humble opinion, all IT organizations benefit when each unique (not disparate) group under IT has a similar vision of how all operations are interconnected, each device, each application, and most importantly each event. One view, one set of metrics, one source of accountability, one IT Service goal, all while maintaining a separation of duties for regulatory compliance and ultimately avoiding catastrophe.
Only when Security is viewed as a cooperative effort within IT Services, will businesses truly “get what they are paying for”. Disparate legacy tools served a purpose in their day, but that day has passed. Just like each agency under our federal government has been tasked to share information to protect our country, each area of IT must do the same in order to serve their respective stakeholders.