- Douglas Williams
Are your Security tools Fighting the Threats or Each Other?
We've all heard the saying "having too many chefs in the kitchen" or even "Keep it simple stupid". This concept is often utilized for every aspect of technology from strategy, design, implementation, to operational support. However, when it comes to security this is often ignored and the approach of "more is better" takes precedence.
Now, this is true in regards to increasing security features, capabilities, and overall delivery of security infrastructure; however, this is NOT true when it comes to having a variety of "Point Security" products. Having a variety of security products, vendors, and even security experts that provide their individual silo view for your security environment without truly understanding your environment. Their knowledge of your environment is no more than knowing when your next budget cycle begins and when your hardware and software renewal is forthcoming.
So, what happens when you have several chefs in the kitchen? They fight for utensils to cook with, space, water, heating element, and trying to be better than the next -- in summary, each chef is competing (fighting) for the limited resources that are available to complete their individual task.
This occurs within a security environment built on having a variety of security products that ARE NOT collaborating with each other and more focus on their individual assignment. Within the project management methodology; there is a function named RACI (Responsible, Accountable, Consult, Inform) -- this is a model that successful PM's utilize for project management and service delivery.
This is a function that works within a security infrastructure environment were each solution (product) maybe assigned a certain function or service; however, each product should have an assignment within the matrix of the RACI. If a product or service can't fit in the RACI; than that component should be address for modification or marked for end of life.
A "Collaborative Security Infrastructure" is support by clearly defined roles, responsibilities, and deliverables --- this ensure that they are fighting the threats as a team and not fighting each other for limited resources.