
Re: Why Converged Security matters: you locked all the doors but your window is open

MironMizrahi

Thanks for your comments, Mike.

I am not surprised Shamim's post and mine put forward similar views. We both have been, for a while now, talking about the IT Value Chains, and we are not alone. This paradigm has been validated with customers through the joint work done in the IT4IT Consortium. The main thrust is that there are 4 value streams which form the underpinning of any IT organization. Models and data and how different entities such as defects, service requests or incidents are processed along the chain is central. So you are right in your statements about a common model. But there is more than that. The value chain approach is what makes automation really deliver value.

If you look at IT as a manufacturing company you begin to realize that while pockets have been automated, in reality the impact is often muted since automation was not implemented with an end-to-end view. DevOps is a case in point. While the Dev side has automated and optimized, apps are not getting to users much faster. This is not because the Ops side is not automated but rather because it is not automated where it is needed. The IT value chains give you this end-to-end view that everyone can align to, bearing in mind that alignment is not just on process and hand-off points but also on KPIs and metrics.

I have elaborated on this topic in a white paper called "From futile to agile".

This is why I am saying that Security cannot just be an overlay. You need to look at the IT value chains and figure out where and how you will integrate security in a manner that will allow you to be proactive. When security "happens" because it is built into the value chain, it has much better chances of success.

Comments
mikeshaw747

Nice post, Miron.

It's interesting to notice that you talk about the need for IT Ops and Security to have a "single version of truth" - which is essentially the same as saying that they have shared models and shared views onto the states of those models. They don't necessarily need to see the same details of each model of its state, but they must both be looking at the same model.

This is EXACTLY the same point made by Shamim Ahmed in the post below yours on Dev Ops. In order to achieve continuous "everything" from build thru to run, we must have the same model and the same view onto the state of that model.

I think that one of the key points with Dev Ops is that it's very difficult to get anything continuous unless you have automation. And the key cost, the work "hump" we have to get over, in order to get automation is modeling that automation. And automation is based on the models we have - the model of the app, the model of what and how we test the app, and the model of what we have put the app onto when it goes into production.

Once we have a common model, augmented as we go from build thru test and into production, modelling the automation becomes as easy as it can be.

Mike.

ARCOT

Miron

Interesting approach to deal with increasing security threats facing enterprises.

In my view, there is a need to re-define the NEW WAY OF SOC (Security Operations & Control), which means a new definition to skilling resources, use of the technology and data interpretation / analytics requiring a combination of the security fundamentals covering Apps to Ops and conventional ops mgmt.

Traditionally, SOC and NOC remained separate, so that data in SOC is not accessed by NOC. However, this approach defines convergence and hence a need to redefine the approach holistically, which truly is an IT Risk Management approach and should be fulfilled within the boundaries of the regulatory policies applicable for each industry.

It would be good to elaborate on how we are addressing the regulatory requirements as well.
