A Glimmer of Security Hope for 2011

We’ve been talking as an industry about the convergence of security and IT operations management for the better part of a decade.

But according to Kris Lovejoy, IBM vice president of security strategy, 2011 may finally be the year we see security and IT systems management converge.
With the rise of zero-day attacks, systems management people are taking note of the impact of security events on IT operations. Security issues are no longer theoretical constructs, but rather real-world everyday events that are adversely affecting everything from the productivity of IT staff to critical infrastructure.

As a result, IT operations people are looking to automate the process of applying the latest security patches. In addition, Lovejoy says that many of them are finally looking at a more user-centric approach to problems that would prevent users from accessing certain data unless the security status of their systems was verified. To accomplish the goal of minimizing insider and external threats, many IT organizations are now looking towards LDAP directories as a place where security and systems management tasks can converge.

These efforts would also further a customer’s data governance and compliance agenda. In fact, Lovejoy says that compliance requirements might very well wind up being the source of funding for the convergence of security and systems management. After all, she notes, a company can’t achieve compliance for anything more than a moment in time with automating security and systems management.

Of course, experienced IT professionals have heard much of this before. And we have yet to encounter the cyber equivalent of a “9-11 event” to truly galvanize the IT community. But with each passing day, security breaches become more prevalent. And with the rise of cloud computing, security and data governance issues are becoming bigger concerns across the industry.

Lovejoy says the only way to approach all these issues comprehensively is going to be standardized approaches to centralized management. So between the state of the economy, the advent of cloud computing and more virulent security attacks than ever, 2011 just might turn out to be the year we finally make that great security leap forward.