Security

The CIO's real security headache

Too many security technologies overlap or much worse leave gaps in between that could let hackers through. We need a more coordinated approach, and fast.

I have been through enough technology revolutions to know that emerging technologies are often disruptive and fragmented at the beginning of their lifecycle.

We have seen this with mobile applications, software as a service, analytics, converged networking and many others in the past couple of decades.

However, in the past these have evolved in a way in which integration and industry standards forced alignment and vendor cooperation. In addition, as an IT leader I could wait out the turmoil and choose to enter the market for these technologies when they matured to a point where integration and intuitive application within my business drove a compelling business case.

Security systems, though, are a different story. They are riddled with overlap in function and constructed in a way in which impedes rather than encourages integration and system alignment.

Furthermore, I do not have the ability in today's climate to wait out the storm in hopes that companies develop well thought out products that work in conjunction with one another. My compliance obligations demand I implement security products to handle all threats.

So when I look at data loss prevention, security information and event management, next generation firewalls, malware protection and more it bothers me that these technologies are very close to one another. They are similar in how they go about assessing and managing threats in that they analyze network and data traffic for anomalies and isolate and alert patterns which are of concern and may be indicative of intrusive behavior.

I need all of them if I want to be secure and compliant and they are all expensive.

In addition the funding to implement, manage, monitor and maintain these systems is excessive, especially in that other than reducing risk it serves no inherent or obvious business benefit.

The cost to manage these systems detracts from my ability to use funding to innovate or improve business services and capabilities. Common sense dictates this has to change: however I cannot afford to wait, and have spent or am spending money on these solutions.

A ray of hope has come with recent aggregation of security companies and systems such as Intel or Cisco acquiring smaller technologies to integrate within solutions. In addition, you are seeing smaller companies trying to grow by merging or acquiring other providers. So maybe there is hope.

The bigger issue and the one in which I think is the most profoundly impacting the security of every company today is not about money or failed cooperation between companies.

My fear is that the security industry, through not collaborating, is causing gaps in our ability to secure networks and data and yet they are the ones we turn to protect ourselves. By working together to align solutions and products and provide a united front in the face of all the current threats that exist these companies would reduce security incidents and impacts. The challenge is I am not sure that this is always part of their business model which presents the biggest challenge for the IT community today.

The Naked CIO is an anonymous technology executive.

More from the Naked CIO

Naked CIO: Where's the innovation in IT?

It's time to tell the truth about bad data

Naked CIO: Why it pays to pick your battles

Editor's Picks

Free Newsletters, In your Inbox