Hoff recently posted that Virtsec is an operations problem (here). I would take this line of thinking further and posit that security in general is an operations problem.
At the recent Gartner IT Security Summit, Peter Firstbrook presented a session on the future of desktop security through 2018. During the presentation he polled the audience on several questions, one of which was along the lines of “How many people believe that security functions, such as endpoint security, should be managed by the operations teams and integrated with systems management technologies?” 90% responded yes. Note that these were predominantly security professionals, and they were essentially agreeing to cede management responsibility for certain asset-based security functions, such as endpoint protection, to the operations team. This isn’t really new, since in most organizations security teams do not generally patch, configure, deploy or modify infrastructure, although they may inform, audit, and monitor the infrastructure. What is interesting to me is that I asked a similar question about 4 years ago at a Gartner IT Security Summit and only about 30% responded “yes” to the operationalization of security question. What has changed?
Systems manageability has become a critical aspect of effective security management. The proliferation of agents to address compliance and security concerns has shifted demand from best-of-breed widgets to best-of-breed manageability. This is driving the convergence of systems and security management I have been espousing (here) and (here). Systems and PC life-cycle management technologies will converge with endpoint protection technologies.
If this convergence is inevitable, then why are companies like Symantec and others so slow to bring a converged solution to market? Simple: they are economically disincentivized to innovate this way. They can maximize revenue with separate products, since a single integrated product will have a lower price point as well as lower adjacent revenue streams, such as professional services, maintenance, etc. It is in their best interest to speak to integration but to move slowly on delivering it.
The vendors are not alone in how slowly they evolve. Organizations have been equally slow in moving as much of the day-to-day administration and management of security technologies as possible to the operational teams, where it should reside. Making that move enables security to focus on the lean-forward aspects of their jobs, namely monitoring and responding, as well as the lean-back aspects, which should really be defining and driving policies to better enable business agility and availability.