Digital Transformation
Showing results for 
Search instead for 
Did you mean: 

Use the IT Value Chain to embed security in every aspect of IT


michael-garrett2.jpgIn the New Style of IT, security isn’t something you do on the side. It has to be embedded in every aspect of IT.


The New Style of IT—the interrelated trends of cloud, mobile, security, and Big Data—is changing the way you deliver IT services and the way IT services are consumed. So certain assumptions no longer apply. For instance, the assumption used to be


  • You owned and controlled the end point device. Now you don’t.
  • You owned and controlled the network. Now you don’t.
  • You owned the environment. Now you don’t.

Your perimeter has changed. Instead of being a fence, it’s become like Swiss cheese: full of holes. If your users are on a mobile device and connected to Wi-Fi to look at something in the customer database, they’ve got one leg in the internal network and another on the external network. (If you’re concerned about security, come talk to our HP Software Professional Services experts at HP Protect.)


Increasing communication between IT and security

Converged security is the answer to this new reality. Your IT organisation can no longer afford to keep security siloed in one area and IT Ops in another. The two functions are becoming increasingly entwined and each depends on the other for context and speedy remediation. You need end-to-end visibility across both domains to resolve issues with efficiency and speed.


As I wrote in my last blog post, (“IT execs: Integrate security and Ops to cut costs and reduce waste”) when you integrate these two functions you become much more efficient and the enterprise is better protected. You’re no longer duplicating activities—each with separate tools and processes.


Using the IT Value Chain to get to embedded security

In most organisations, security is another layer; it’s siloed. But the only way for security to be effective is if it’s embedded in everything. How do you start breaking the silos down?


In HP Software Professional Services we take an IT Value Chain approach to security. The IT Value Chain is a strategic framework for improving everything that IT does. It comprises four individual value streams. When you take a look at each one you can see where you need to embed security:


  • Strategy to portfolio: This is the planning and strategy value stream. And this is really the executive function I wrote about in my last blog post about driving change through the organisation.
  • Requirement to deploy: This value stream covers testing. So weave security testing into application testing to make sure you release secure applications (as opposed to releasing applications and then testing them for vulnerabilities).
  • Request to fulfill: Here is where you would look at embedding security into configuration management to prevent vulnerabilities.
  • Detect to correct: This is your event incident and problem management value stream. To embed security, make sure that your monitoring also includes security.

When you tack on security, it has limited effect. As the New Style of IT creates more complexity, security can’t be an add-on. This is the moment to start making these changes. Examine IT from a value stream perspective and start embedding security in each activity performed by IT every day.


Related links:

About the Author


See posts for dates
See posts for locations
HPE at 2018 Technology Events
Learn about the technology events where Hewlett Packard Enterprise will have a presence in 2018.
Read more
See posts for dates
HPE Webinars - 2018
Find out about this year's live broadcasts and on-demand webinars.
Read more
View all