In his first keynote as CEO of Symantec, Enrique Salem presented a new idea entitled "Operationalizing your Security" and talked about one of the tools in the Symantec product set that can do this for you.
I learned a lot as I read through this speech. First, I did not know he was the eighth software developer for Peter Norton Computing. After his first acquisition by Symantec, Mr. Salem left to go work at Brightmail and was once again acquired by Symantec.
As a side note it is great seeing a CEO of a tech company as large as Symantec also being someone who understands and uses technology.
But back to Operationalizing your Security.
Mr. Salem argues the current way of doing security is not working and backs it up with some interesting stats:
In 2008, we created more than 1.6 million new malicious code signatures. That’s more than we’ve created in the last 17 years combined...
In the 30 minutes that I’m speaking this morning our software will stop nearly 200,000 attacks globally around the Internet.
Scary stats, and Symantec is just one company creating virus signatures. And this will probably only grow more and more.
Mr. Salem lays out how security is being applied today:
1. Low-level administrators end up being the de facto "policy setters"
2. Security is done piecemeal
3. You've got silos
4. Lack of visibility into your risk posture makes prioritization challenging
When I worked as a network administrator for a private bank, this is exactly how the company ran. We ran a competitive anti-virus product that didn't always update correctly, so I had to run around and make sure the servers were updating and patching, the clients were updating and patching, etc. Even though it was small (70 employees), if the security had been operationalized, things would have been much smoother and simpler for me.
Mr. Salem defines operationalized security as being "risk-based, information-centric, responsive, and workflow-driven." He goes on to elaborate on each of the themes, but the key one for me and what I do for a living is workflow-driven.
With the Symantec Workflow product being able to hook into so many products (whether or not they are Symantec products) you can create a process that reacts to the changing world of security. In fact your process might even become proactive.
Think about it: There is a patch that needs to be applied to correct a zero-day exploit. I have a change management process that accounts for emergency changes. I utilize my workflow process to move through the emergency change process for approval, create the patch delivery jobs, push the patches and log the successful installs/reboots into the change request form. In fact, just in case a patch went wrong, I took a snapshot with Backup Exec System Recovery so I could restore that snapshot to a virtual machine to recover. All done through the power of a workflow process.
Security needs to evolve to the next level; it needs to become a core, process-driven part of any organization.
The PDF where I read the speech is attached