Hundreds of point security solutions and a poor industry record in security management have led to a level of complexity today that can still be resolved. However, little time remains, says visiting Computer Associates (CA) VP of security strategy, Simon Perry.
Perry`s address at CA`s offices in Sunninghill, Johannesburg, this week follows CA World in Las Vegas last month, where the talk was of consolidation of products and acquisitions, Linux and building on its systems management strengths.
Perry said the current confusion in security could only be resolved by vendor reduction, integration with existing systems and a managed approach.
It`s gone far enough
Systems complexity and information overload is already rampant. "As of four weeks ago, there were 357 security software companies, some operating in one country only," he said. "I`m not even talking of hardware yet, and not about the multitude of solutions either.
The result is that a lot of companies today have a highly variable range of security software across all their points of presence. Add to that the rash of vendor platforms, devices, applications, multi-user access and an emerging world of computing on demand with its extra provisioning of computing infrastructure, and it is clear that the complexity will be compounded many times over.
A managed approach
CA`s network systems management roots have allowed it to branch into security management, with a variety of solutions and its management console, eTrust Security Command Centre. Perry expects buying of security point products to plateau in 18 months` time, when people will look beyond "best of breed" products to a cohesive management strategy.
"This requires integration, even with a substantial reduction of vendors in one`s systems, requiring standards like lightweight directory access protocol to access data in various sources. This move is picking up speed," said Perry.
"As companies bleed money from vulnerabilities, manual user management, loss of brand equity in breaches, and the deafening noise of system event alarms versus genuine security signals, manual intervention becomes impossible and companies must move to a management approach," he said.
"Managed security does not seek to replace all existing gear, although consolidation is evidently needed. It reduces complexity and lays the foundation for an on-demand environment."
Share
