HPE Business Insights

Discover security session: You never had control

HPE-SW-Guest on 06-06-2012 01:17 PM

By Brian McDonough, Discover Performance Managing Editor


At HP Discover Las Vegas on Tuesday afternoon, Rafal Los, HP Software's chief security evangelist, talked about the challenges of security in a cloud-based or hybrid world, as part of the “Master the Cloud” track at the show.


The problem he posed: In the mobile/social media/big data world that cloud technology underpins, there's a lot going on, and it's all happening really fast. Businesses need to adapt to rapid change, and few are succeeding. The IT department, he said, is often part of the problem. “We're known as the Department of No,” which puts a brake on change in a world where, say, global financial markets can utterly change overnight.


“Slow change is death to today's organization,” he said. “If your business can't adapt, you're done.”


CISOs can be a major impediment to business agility because they're concerned with protecting the enterprise, which Los said has become a focus on “control.” And with the advent of hybrid IT delivery, security leaders tend to freak out because they can't control the cloud. Which begs one question, Los said: “Did you ever have control to begin with?”


From control to governance

Credit card provisioning, use of free online services like Gmail or Dropbox, the consumerization of IT—that false sense of control has been steadily undermined for some time. Rather than fight to regain a repressive level of control that was largely illusory anyway, Los suggested changing the security model in a fundamental way.


“Control is not scalable,” Los pointed out. IT security is no longer a matter of having a tech guy manually patch 50 servers over the course of a week. “We have to get out of this 'we're gonna touch everything' mindset and get into a governance mode.”


CISOs need to be able to trust that (well-designed, thoroughly vetted) automation will implement security policies in response to predetermined risk tolerances. Security should be evolving from a mess of disparate architectures with different management and security approaches to a common architecture with converged management and security solutions. Flexibility and portability (“Develop once, run anywhere.”) will be key.


IT leaders, he said, have to accept that risk is not a binary choice of “secure” or “not secure.” It's more like, “as secure as we can make it right now,” “as secure as we are willing to pay for,” “as secure as the criticality of this data/app/environment needs.”


It seemed to me that Los was laying out a philosophy for security in what Mark Potts had earlier in the day been calling the next generation of IT. Los' approach would change how CIOs and CISOs deal with partners, vendors, developers and end users. Los can be found online on his blog, “Follow the White Rabbit,” and on Twitter at @Wh1t3Rabbit. How does his call to replace “control” with “governance” sound to you—and is it a shift you could make in your enterprise?


