Gartner Blog Network


IT Operations and Security Convergence? Not Really.

by Neil MacDonald  |  May 17, 2011  |  1 Comment

I’m having lots of discussions with clients on Microsoft’s new Forefront Endpoint Protection offering that was released in December of 2010. In addition to recent licensing changes, the biggest change over the previous release (formerly called Forefront Client Security) is the replacement of the underlying management, policy and reporting infrastructure with one based on Microsoft’s System Center Configuration Manager (SCCM). IBM/BigFix has done something similar with Trend Micro and LANDesk has done something similar with Kaspersky.

Does this mean that IT Operations and Security are converging?

I believe “convergence” is too strong a word to describe what is going on. Convergence implies that one or the other goes away. That isn’t the case here. IT Operations and Information Security are like Yin and Yang. A healthy but necessary tension exists between the two.

While there may be convergence of the infrastructure underneath that carries bits out to the endpoints (in this case, the SCCM servers and agent), this shouldn’t be confused with convergence of policy administration. In other words, while the operational infrastructure might be used to deploy and update the policy enforcement mechanism (the Forefront agent in this case), this doesn’t mean that the need for separation of duties of policy administration has gone away. Leveraging operational infrastructure for security policy enforcement makes sense as long as separation of duties is maintained.

“Integration”, “Interoperability” and “Reducing redundant infrastructure” are much better ways to describe what is happening – and it’s not just with the security and management of endpoints that this integration and leveraging of common infrastructure is happening.



Thoughts on IT Operations and Security Convergence? Not Really.


  1. Andre Gironda says:

    I really hope that they do converge. We need application penetration-testers and malware analysts in the NOC (and we need the SOC in the NOC if they are already separate). We need secure code review assessors working with the Tivoli/Opsware/Chef administrators on secure application deployments (in addition to identity management convergence such as ForgeRock or data management convergence such as IBM, Oracle, SAP, and TeraData).

    IT/Ops and Configuration Management are great places to include your security professionals. I don’t know too many current security professionals that are highly-proficient in vSphere, SCVMM, or cloud deployments, which is really too bad because it affects our agility quite significantly.

    While I agree that separation of duties is important — many of these solutions (especially when combined with identity management maturity) allow multiple levels of authorization for some administration tasks. I was always a fan of Cloudkick because it kept the authentication and API keys in the right hands, but allowed less-formalized system administrators, developers, security pros, etc. to manage their cloud-based systems without having the keys to the kingdom.


