I’m having lots of discussions with clients on Microsoft’s new Forefront Endpoint Protection offering that was released in December of 2010. In addition to recent licensing changes, the biggest change over the pervious release (formerly called Forefront Client Security) is the change out of the management, policy and reporting infrastructure underneath to be based on Microsoft’s System Center Configuration Manager (SCCM). IBM/BigFix has done something similar with Trend Micro and LANDesk has done something similar with Kaspersky.
Does this mean that IT Operations and Security are converging?
I believe “convergence” is too strong of a word to describe what it going on. Convergence implies that one or the other goes away. That isn’t the case here. IT Operations and Information Security are like Ying and Yang. A healthy but necessary tension exists between the two.
While there may be convergence of the infrastructure underneath that carries bits out to the endpoints (in this case, the SCCM servers and agent), this shouldn’t be confused with convergence of policy administration. In other words, while the operational infrastructure might be used to deploy and update the policy enforcement mechanism (the Forefront agent in this case), this doesn’t mean that the need for separation of duties of policy administration has gone away. Leveraging operational infrastructure for security policy enforcement makes sense as long as separation of duties is maintained.
“Integration”, Interoperability” and “Reducing redundant infrastructure” are much better ways to describe what is happening – and it’s not just with the security and management of endpoints that this integration and leveraging of common infrastructure is happening.
Category: Beyond Anti-Virus Endpoint Protection Platform Information Security Tags: Beyond Anti-Virus, Endpoint Protection Platform, Information Security, Microsoft Security, Reducing Complexity, Reducing Cost, Security-Summit-NA, Windows