Can One Exist Without The Other?
If you were to ask enterprise IT people what the most common security risk is, most would point to people. If, however, you were to dig a little deeper, you would discover that people are enabled through a lack of proper configuration. Going further, you would soon discover that a lack of visibility into initial user issues, an increasingly small ability to manage devices at scale and no unified actionable management plane transform small user issues into massive security nightmares.
The answer is clearly not another one-off security product nor is another dashboard showing some subset of information the answer. The reality is that the future of security has to include unified management that enables visibility and control over the systems to be protected. Unified has to be ubiquitous such that it flows over all of the systems and endpoints in an enterprise. Actionable requires direct interaction while viewing an issue – not some requirement to access some random security control somewhere else. Moreover, any such management system has to operate without causing more disruption. Ask any CIO/CISO what their largest headache is today and it is NOT hackers but all of the security they somehow have to manage to prevent said hackers. Most importantly, security management has to be accessible to more than just a tiny number of cybersecurity experts. Much as Word made writing mainstream, new security platforms have to move from to too technical interfaces of the past and into management tools that a general IT group can operate. All of the complexity of security has to sit behind a mainstream system that enables the complex remediation services. Proper security platforms of the future will require moving parts that do not inundate the enterprises being protected and that can change out pieces on demand without operational downtime. None of these requirements will be possible without a proper management platform through which both the security and operational sides can be supported. Security used to be the rebel kid who ignored management and did whatever it wanted to do. After all, weren’t hackers worse than what security imposed? That is no longer the case and security needs to not only work with management but evolve management systems into truly useful, scalable protected administrative platforms.