Digital Transformation
Showing results for 
Search instead for 
Did you mean: 

IT execs: Integrate security and Ops to cut costs and reduce waste


michael-garrett2.jpgSecurity is changing. Ten years ago we used to worry about worms and viruses. As a result enterprises focused on perimeter defense. But high profile security incidents like the Target breach exploit internal weaknesses. Security now must cover more extensive ground—and as it does so it overlaps with territory covered by IT operations.


This new vulnerability is worrisome—especially if you’re the one trying to protect sensitive corporate data. But it also presents an opportunity for IT to cut costs, improve efficiency, and reduce waste. (If you’re concerned about security, come talk to our HP Software Professional Services experts at HP Protect.)


The common ground between Security and Operations

What does IT security do at its most basic function? It monitors and detects. And when security finds something it reacts and fixes it.


But that’s also what IT Ops does. Events management, incident management, and so on are classic break-fix IT Ops activities. As part of its prevention and governance activities IT Ops also performs a number of scans. Ops scans the environment and sees, for example, that the right patches are installed, the configurations are correct, and the right policies are applied when new devices come on the network.


So you have Ops doing configuration management, Ops doing event and incident management, and Ops doing testing. At the same time, security is doing exactly the same thing. But they’re using different tools and different processes. And they are losing the benefit of scale.


The benefit of scale

Imagine if you went to the hospital and there was an X-ray function for the orthopedic department and an X-ray function for the pediatric department. That wouldn’t make any sense. It’s the same discipline, whether you are looking at children’s bones or adults’. Hospitals have consolidated pediatric and orthopedic X-ray departments, and the benefit is scale and efficiency.


Right now IT is losing the benefit of scale when it comes to security and operations. It’s more expensive to set up a replica from scratch than it is to add the delta onto an existing capability. It’s a lot more cost effective and process effective to say, “Okay. We’re going to take what we already have, and extend it to meet the needs from security.” But in most organisations, security does its own thing, runs its own scans, and keeps its own database of configurations.


Execs must drive the change

HP has the technology and the services that allow you to integrate the two functions. The biggest challenge, however, is changing the mindset and driving organisational change. And this is where an executive can make the biggest difference. It’s really up to execs to say, “You will align on common processes, you will agree on a data model, you will consolidate tools, you will implement the integrations, and you will do all of the rest.”


It’s not easy. But there is a precedent. Look at application testing, for example. Ten or 15 years ago, you wouldn’t get QA engineers talking to developers. They hated each other. Why? Because QA would go in and say, “Look at all these bugs.” They exposed the deficiencies of the work the developers did.


But once the two functions realised it wasn’t about ego, it was about producing a quality product, the teams saw a mutual benefit. Then people understood that testing is actually good for you. It saves you money, it makes your product better, it’s good for everyone. As the technology matured, organisations integrated their processes. This is the journey we need to take with security and operations.


Learn more about Converged Security.


Related links:

About the Author


Jan 30-31, 2018
Expert Days - 2018
Visit this forum and get the schedules for online HPE Expert Days where you can talk to HPE product experts, R&D and support team members and get answ...
Read more
See posts for dates
HPE Webinars - 2018
Find out about this year's live broadcasts and on-demand webinars.
Read more
View all