HPE Business Insights
Showing results for 
Search instead for 
Do you mean 

Use the IT Value Chain to embed security in every aspect of IT

MichaelGarrett on ‎08-07-2014 01:22 PM

In the New Style of IT, security isn’t something you do on the side. It has to be embedded in every aspect of IT.


The New Style of IT—the interrelated trends of cloud, mobile, security, and Big Data—is changing the way you deliver IT services and the way IT services are consumed. So certain assumptions no longer apply. For instance, the assumption used to be


  • You owned and controlled the end point device. Now you don’t.
  • You owned and controlled the network. Now you don’t.
  • You owned the environment. Now you don’t.

Your perimeter has changed. Instead of being a fence, it’s become like Swiss cheese: full of holes. If your users are on a mobile device and connected to Wi-Fi to look at something in the customer database, they’ve got one leg in the internal network and another on the external network. (If you’re concerned about security, come talk to our HP Software Professional Services experts at HP Protect.)


Increasing communication between IT and security

Converged security is the answer to this new reality. Your IT organisation can no longer afford to keep security siloed in one area and IT Ops in another. The two functions are becoming increasingly entwined and each depends on the other for context and speedy remediation. You need end-to-end visibility across both domains to resolve issues with efficiency and speed.


As I wrote in my last blog post, (“IT execs: Integrate security and Ops to cut costs and reduce waste”) when you integrate these two functions you become much more efficient and the enterprise is better protected. You’re no longer duplicating activities—each with separate tools and processes.


Using the IT Value Chain to get to embedded security

In most organisations, security is another layer; it’s siloed. But the only way for security to be effective is if it’s embedded in everything. How do you start breaking the silos down?


In HP Software Professional Services we take an IT Value Chain approach to security. The IT Value Chain is a strategic framework for improving everything that IT does. It comprises four individual value streams. When you take a look at each one you can see where you need to embed security:


  • Strategy to portfolio: This is the planning and strategy value stream. And this is really the executive function I wrote about in my last blog post about driving change through the organisation.
  • Requirement to deploy: This value stream covers testing. So weave security testing into application testing to make sure you release secure applications (as opposed to releasing applications and then testing them for vulnerabilities).
  • Request to fulfill: Here is where you would look at embedding security into configuration management to prevent vulnerabilities.
  • Detect to correct: This is your event incident and problem management value stream. To embed security, make sure that your monitoring also includes security.

When you tack on security, it has limited effect. As the New Style of IT creates more complexity, security can’t be an add-on. This is the moment to start making these changes. Examine IT from a value stream perspective and start embedding security in each activity performed by IT every day.


Related links:

About the Author


27 Feb - 2 March 2017
Barcelona | Fira Gran Via
Mobile World Congress 2017
Hewlett Packard Enterprise at Mobile World Congress 2017, Barcelona | Fira Gran Via Location: Hall 3, Booth 3E11
Read more
Each Month in 2017
Software Expert Days - 2017
Join us online to talk directly with our Software experts during online Expert Days. Find information here about past, current, and upcoming Expert Da...
Read more
View all