Speaking at the Vision 2007 Conference this past June, Symantec Chairman and CEO John Thompson focused his attention on some of the key challenges enterprises face today, in particular the exponential growth in information that has fueled equally explosive growth in infrastructure complexity.
“We realize that to truly manage IT risk you need to create a high-reliability organization,” he said. “Technology plays a critical role in this, but people and processes do as well. After all, the most sophisticated software in the world is powerless without the right people implementing and managing it and without a strategy to guide it. However, many organizations don’t have enough of this expertise or the adequate skills in-house to get the job done.”
The bottom line: Businesses today don’t operate in a “one-size-fits-all” world. Instead, they require tailored products and services that enable them to mitigate risk, help demonstrate compliance, and improve security operational efficiency.
This article looks at how enterprises can successfully meet those challenges by adopting a hybrid approach that incorporates security products, managed services, and professional services.
In a recently published White Paper, IDC Analyst Christian Christiansen characterized the task of building a security infrastructure as “a constant exercise in revision”:
“Externally, these revisions are driven by a tightly organized, well-funded, and highly intelligent criminal element that is highly focused on specific targets. Regulatory compliance is a worldwide issue that requires accurate oversight. Internal threats are also an issue as authorized account holders (e.g., employees, customers, partners, and suppliers) engage in behavior that ranges from mischievous to malicious.” (“Security Hybrids: Reducing Risk by Blending Products and Services,” IDC, October 2007)
And the revisions don’t end there. As Christiansen observes, the relationship between senior management and IT is one that is constantly being revised. Where senior management once viewed security as a black hole from a budget standpoint, regulatory compliance now forces them to recognize security’s importance. For senior management, compliance violations can also lead to dismissal, public humiliation, and a seriously tarnished brand. Moreover, senior management now recognizes that security failures can disrupt critical business operations for days or even weeks – this at a time when most companies consider even a few hours of downtime to be unacceptable.
At the same time, some common points of agreement have grown up between senior management and IT. As Christiansen points out, both want an overview of their organization’s current risk profiles. They also want that view to apprise them of regulatory compliance status, critical vulnerabilities, risk profiles for key assets, and potential business disruptions due to security issues.
“In other words,” he writes, “they both want a single source of coherent information that provides multiple layers of granularity for current and future situations.”
Addressing these security risks requires a new and flexible approach, one that IDC has begun calling a security “hybrid.” This hybrid approach comprises three major security components: products (hardware and software), managed services, and professional services.
- Products Often, but not necessarily, the first line of defense is made up of the security hardware/appliances and software that a business already owns.
- Managed services To supplement overburdened IT organizations (and to provide a second source of analysis), customers can utilize managed services to correlate internal scans and external vulnerability monitoring. Often, these services can provide an early warning of an impending threat. Adds Christiansen: “Overall, managed services provide the expertise to enhance security information management tools. Managed services can address customer issues concerning the expertise or resources needed to monitor on a 24 x 7 basis.”
- Professional services Managed services aren’t designed to deal with an individual company’s in-depth questions about its specific issues. This is where professional services are needed. Professional services design, implement, and in some cases maintain customized security solutions.
Symantec provides enterprises with the flexibility to choose how to manage their security environment either with technology and their own resources; a combination of technology, internal staff, and Symantec consultants; or outsourced as a managed service.
Symantec security management products and services enable organizations to mitigate risk, help demonstrate compliance, and improve security operational efficiency. Symantec helps organizations manage IT security environments in compliance with security policies through a broad portfolio of products as well as best practices for security processes such as incident response, threat/vulnerability management, security information/event management, secure application development, managed security services, and database security.
Symantec’s security management products automate key processes and provide visibility into an organization’s security and compliance posture. Additionally, Symantec enables different operational business models, including staff augmentation and managed services, to optimize resource utilization. Customers can choose to leverage Symantec’s consultants to assess needs, transform operations, and operate complete security solutions.
Symantec security management products and services powered by Symantec’s Global Intelligence Network help customers proactively identify and address vulnerabilities before they become security threats. Real-time security intelligence and remediation guidance also enable customers to respond to security incidents to minimize data loss and downtime.
Symantec security management products and services help customers with security monitoring, assessments and compliance-related activities, including internal audits, risk assessments, log management, and assessing the effectiveness of IT security controls.
A hybrid approach to security, built upon a foundation of products, managed services, and professional services, helps enterprises surmount these challenges. Symantec’s comprehensive portfolio of products and services enables enterprises to feel confident that their information is safe and their transactions are secure.