SCIENCE
Scattergun Approach to IT Security Is Outdated, Inefficient, and Leaves Holes
Security Management is being touted as having the capability to provide integration and control into a technology sector that is already overpopulated with disconnected, point-based, protection products. However, a new report 'Security Management,' just published by Butler Group, Europe's leading IT research and advisory organisation, says the existing scattergun approach to IT security, which involves businesses deploying and utilising a range of individually focused protection solutions, is outdated, inefficient, and leaves security holes that are ripe for exploitation. Furthermore, the report makes it clear that no single software or security vendor can deal with all the issues that are being raised under the Security Management banner.
"It is time for all end-user organisations to demand a better future from the suppliers of mainstream security solutions," says Andrew Kellett, Butler Group Senior Research Analyst and co-author of the study. "Today's fragmented delivery of IT security services is not good enough, and must be replaced with a more integrated and manageable approach. Enterprise security needs to become more of a business enabler, and provide protection services that have the flexibility to grow and change alongside the business operations that it is put in place to protect."
For public and private sector business users, the days of the single function security protection system are drawing to a close
IT security is already a multi-billion dollar market sector (circa US$20 billion in 2004). Spend is predicted to reach close to US$32 billion by 2008, indicative of a technology sector that's presence, power, and influence will not be ignored.
It only takes one unprotected area of a system, or one incorrectly supported element of the business, to open up the entire operation to abuse. As such, the report emphasises the importance of organisations recognising that security solutions and services are necessary to deliver joined-up enterprise security. In addition, the growing raft of regulatory and compliance issues are further key drivers behind the need for integrated security services.
Butler Group believes that the IT security industry as a whole is entering a stage of its evolutionary lifecycle where across-the-board market forces will drive radical change.
"We have already seen a move towards the delivery of blended (protect against everything) solutions in the anti-virus, anti-spam, and firewall sectors. With other point-based protection markets moving in similar directions, the conclusion has to be that for both public and private sector business users, the days of the single function protection system are coming to an end," says Kellett. "Security technology can never fully succeed without being fully supported by the people that use its services (an organisation's users), and without published and understood security policies."
No single software or security vendor can deal with all the issues that are being raised under the Security Management banner
A Security Management infrastructure provides the ability to deliver security at every level of the organisation, and at every level of the supporting IT infrastructure. It involves making better use of existing security technology by underpinning and integrating its operational role with a central core of information and management services that can be used to provide common security services and common information flows.
In the world of IT security Butler Group takes the stance that enterprise organisations have had enough of pulling together a patchwork of security solutions in order to protect their networks, systems, and applications.
The end-user business community is looking for security solutions providers that can achieve the integrated delivery of protection facilities, and for vendors that can take overall responsibility for the delivery of this level of service without adversely impacting upon the day-to-day running of the business.
"When the individual security vendors talk about the way that technology can be used to deliver a Security Management infrastructure, their motives are of course driven by the range of solutions within their own portfolios," says Kellett. "One thing is very clear. No single software or security vendor can deal with all the issues that are being raised under the Security Management banner."
Going forward, it will no longer be good enough for security vendors to simply sell products. They must have the ability to provide integrated solutions that are secure and strong in the levels of protection that they deliver, and are also measurable and provable in the levels of information that they provide. These, in Butler Group's opinion are the core elements of a Security Management model.