Bill Roth, Ulitzer Editor-at-Large


Convergence of Security and IT Operations

By Guy Churchward

The past few weeks I’ve been convincing myself that an interesting, maybe even ‘thought provoking’ blog on the convergence of IT operations and security would be of value. The signs are definitely here: our clients talk about it and every analyst I meet asks me about it, so it seems to make perfect sense to get ahead of the trend and plant the proverbial stake in the ground.

Let’s assume for a second that security is exclusively the job of IT. Let’s look at how it’s evolved into the multi-billion dollar specialist field it is today. Back when I sported a skinny leather piano tie, I’d pull all-nighters backing up the mainframes and then loading the tapes into the boss’ car for off-site storage. Security was a guy named Dave who seemed to relish clubbing unsuspecting window breakers on the head for trying to make off with my IBM 5251 (probably thinking their kids could use it to play space invaders).

Mainframes didn’t give the people what they wanted, so expense accounts were abused and Apples and PCs started appearing. Dave had to work harder (desktops are easier to steal than mainframes) but there was no network, so the data was relatively safe. I’m not sure we even knew that data was valuable at this point. Xerox had just invented the computer virus, and we all had floppy drives, so we learnt fast that losing stuff was a very bad thing. At this point security was Dave and a poster warning of the dangers of promiscuous floppy use.

Novell changed everything (with the help of Banyan Vines, IBM, and Microsoft) by connecting these new “personal” computers together, and almost immediately security wasn’t Dave anymore. (As an aside, I once found a person crawling around under their desk because IT had told them that their computer wasn’t working as there was a problem with the Token Ring; they thought it had fallen out of their computer. But I digress.)

So we’re building up a complex network, computers are getting increasingly more powerful and distributed databases are appearing, and the need for greater mobility is upon us. Then things become a tad more complicated – laptops start to appear, RSA tokens, removable hard drives etc. Security is now everyone’s concern, and there are people in IT who are “specialists.”

Virtualization and Multi-Core systems march us further forward. At this point the workforce is mobile, computing is provisioned on a utility model, we have access controls, application isolation and a plethora of regulatory mandates, and there isn’t a single person employed in IT who isn’t responsible for at least some aspect of security. But there is no single person who sees everything, no single person responsible for overall control. We’re siloed and blinkered. And no, the CSO isn’t the missing person.

So what’s the issue? The issue is that we’re all in the security business and we’re all our own IT department. We need ubiquitous security. We need convergence. Now is not the time to be unique. Now is the time to coexist.

From our standpoint, we build the fledgling bridge between IT and Security operations. We’re the only SIEM vendor who focuses on the collection and normalization, and not the presentation layer. (That’s not to say we don’t have fantastic SEM, Compliance and Forensic tools. It’s a fact that a large percentage of the most scalable SEM deployments have LogLogic at their core, with companies such as RSA, Q1Labs and ArcSight acting as the pane of glass.)

It’s not an easy job to bridge disparate silos, to collect everything, ingest, normalize and then filter and forward to a ubiquitous set of user interfaces such as ticketing agents, event management, compliance tools, SNMP trap tools, etc., but here at LogLogic we have made it our business. In fact, back when the company was founded, we ensured that the technology that filters and forwards log data for exactly this purpose is under the watchful eye of Patent # 7,599,939.

We’re not saying that logging will force the convergence of IT Operations and IT Security, but we are saying that on the road to convergence, we’re an essential ingredient. We’ve created a virtual IT data information pool as the next natural step in resource reuse. VMware led the way with CPUs, storage vendors followed, and we’re next when it comes to IT Data. The key point is then to be able to feed this data into IT Analytics companies like Archer, Remedy, etc., and deliver a truly panoramic view of the IT Data landscape.

Just last week, a client told me that Windows logging added a whopping 35% to their network traffic. A different client told me that before they moved from a fragmented logging architecture to a centralized architecture using LogLogic, their log management and security eventing requirements created an overhead of 65% of their total bandwidth usage.

The sheer cost of not building an IT bridge is staggering, and every day we see the light go on in the wallets of customers. The benefits are obvious – we can bring visibility and control to all systems and divisions, but beyond that we can tangibly affect your bottom line.

  • Reduction of maintenance costs for every application’s connector tax
  • Reduction in network bandwidth usage
  • Reduction in replicated and redundant data log storage
  • Reduction in the cost of change
  • Reduction in operational overhead (power, rack space, cooling)

Convergence is here. Accept it. Walk across the bridge. Embrace it.


Bill Roth is a Silicon Valley veteran with over 20 years in the industry. He has played numerous product marketing, product management and engineering roles at companies like BEA, Sun, Morgan Stanley, and EBay Enterprise. He was recently named one of the World's 30 Most Influential Cloud Bloggers.