Neil MacDonald

A member of the Gartner Blog Network

IT Operations and Security Convergence? Not Really.

by Neil MacDonald  |  May 17, 2011  |  1 Comment

I’m having lots of discussions with clients on Microsoft’s new Forefront Endpoint Protection offering that was released in December of 2010. In addition to recent licensing changes, the biggest change over the previous release (formerly called Forefront Client Security) is that the management, policy and reporting infrastructure underneath has been replaced with one based on Microsoft’s System Center Configuration Manager (SCCM). IBM/BigFix has done something similar with Trend Micro, and LANDesk has done something similar with Kaspersky.

Does this mean that IT Operations and Security are converging?

I believe “convergence” is too strong a word to describe what is going on. Convergence implies that one or the other goes away. That isn’t the case here. IT Operations and Information Security are like Yin and Yang: a healthy and necessary tension exists between the two.

While there may be convergence of the infrastructure underneath that carries bits out to the endpoints (in this case, the SCCM servers and agent), this shouldn’t be confused with convergence of policy administration. In other words, while the operational infrastructure might be used to deploy and update the policy enforcement mechanism (the Forefront agent in this case), this doesn’t mean that the need for separation of duties of policy administration has gone away. Leveraging operational infrastructure for security policy enforcement makes sense as long as separation of duties is maintained.
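To make the distinction concrete, here is an added illustration (not code from the post or from any of the products it mentions) of the separation the paragraph describes: an operations role may deploy and update the endpoint agent through the shared infrastructure, a separate security role owns the protection policy the agent enforces, and a check flags any identity that ends up holding both duties. All role, action and user names are constructed for the example.

```python
"""
Added example, not from the original post: a minimal role model that lets the
operational infrastructure (an SCCM-style deployment role) push and update the
endpoint agent, while only a separate security role may change the policy the
agent enforces. sod_violations() reports identities that hold both duties.
All role, action and user names here are constructed for illustration.
"""
from dataclasses import dataclass, field

# Actions grouped by duty (constructed names).
DEPLOY_ACTIONS = {"deploy_agent", "update_agent", "view_deployment_status"}
POLICY_EDIT_ACTIONS = {"edit_protection_policy", "view_policy"}
POLICY_APPROVE_ACTIONS = {"approve_policy_change", "view_policy"}

ROLE_PERMISSIONS = {
    "ops_admin": DEPLOY_ACTIONS,                 # runs the transport (servers and agent)
    "security_admin": POLICY_EDIT_ACTIONS,       # authors what the agent enforces
    "security_approver": POLICY_APPROVE_ACTIONS, # second pair of eyes on policy edits
    "auditor": {"view_deployment_status", "view_policy"},  # read-only across both
}

# Pairs of actions that must never be held by a single identity.
CONFLICTING_DUTIES = [
    ("deploy_agent", "edit_protection_policy"),
    ("update_agent", "edit_protection_policy"),
    ("edit_protection_policy", "approve_policy_change"),
]


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)


def permissions(user):
    """Union of the permissions granted by every role the user holds."""
    perms = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def can(user, action):
    return action in permissions(user)


def sod_violations(users):
    """Return (user, action_a, action_b) for every conflicting pair a user holds."""
    found = []
    for user in users:
        perms = permissions(user)
        for a, b in CONFLICTING_DUTIES:
            if a in perms and b in perms:
                found.append((user.name, a, b))
    return found


def policy_change_allowed(author, approver):
    """A policy edit takes effect only when a different identity approves it."""
    return (
        can(author, "edit_protection_policy")
        and can(approver, "approve_policy_change")
        and author.name != approver.name
    )


if __name__ == "__main__":
    # Constructed sample assignments.
    alice = User("alice", {"ops_admin"})
    bob = User("bob", {"security_admin"})
    carol = User("carol", {"security_approver"})
    dave = User("dave", {"ops_admin", "security_admin"})  # holds both duties

    print("ops can deploy agent:", can(alice, "deploy_agent"))
    print("ops can edit policy:", can(alice, "edit_protection_policy"))
    print("violations:", sod_violations([alice, bob, carol, dave]))
    print("bob's edit approved by carol:", policy_change_allowed(bob, carol))
    print("bob's edit approved by bob:", policy_change_allowed(bob, bob))
```

The point of the model is that the same deployment role that pushes the agent out cannot touch what the agent enforces, and a policy edit still needs a second security identity before it takes effect; the SoD report is the check an auditor would run over real role assignments.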

“Integration”, “Interoperability” and “Reducing redundant infrastructure” are much better ways to describe what is happening – and it’s not just with the security and management of endpoints that this integration and leveraging of common infrastructure is happening.

Category: Beyond Anti-Virus, Endpoint Protection Platform, Information Security

1 Comment

Andre Gironda  |  May 18, 2011 at 1:58 pm

    I really hope that they do converge. We need application penetration-testers and malware analysts in the NOC (and we need the SOC in the NOC if they are already separate). We need secure code review assessors working with the Tivoli/Opsware/Chef administrators on secure application deployments (in addition to identity management convergence such as ForgeRock or data management convergence such as IBM, Oracle, SAP, and TeraData).

    IT/Ops and Configuration Management are great places to include your security professionals. I don’t know too many current security professionals that are highly-proficient in vSphere, SCVMM, or cloud deployments, which is really too bad because it affects our agility quite significantly.

    While I agree that separation of duties is important — many of these solutions (especially when combined with identity management maturity) allow multiple levels of authorization for some administration tasks. I was always a fan of Cloudkick because it kept the authentication and API keys in the right hands, but allowed less-formalized system administrators, developers, security pros, etc. to manage their cloud-based systems without having the keys to the kingdom.