SAN FRANCISCO -- IBM will make a series of security announcements at the 2009 RSA Conference this week to further what Big Blue calls its Information Security Framework. Security professionals, even those that do not use IBM products, can benefit from the framework -- which includes a foundational information security program reference model, a maturity model for self-evaluation, an assessment tool for measuring current posture and IBM-provided training -- by copying IBM's mindset to ensure security is built into new business initiatives rather than layered on as an afterthought.
- Stay ahead of evolving threats. Prioritizing threats and proactively reducing the risk to business operations is the nuts and bolts of security programs. New threats usually involve new products to attach to the infrastructure and new vendor relationships to maintain before established vendors are sure the threats are real. Smaller vendors are usually the ones evangelizing evolving threats; it is important to understand their security issues, determine the risk to the business, and decide on a level of urgency.
- Take advantage of new business opportunities. Every IT security team hates being looped into an IT project too late in the process to properly secure it. Use the opportunity to get ahead of business initiatives by exploring the security implications of mega-trends such as virtualization (data center and desktops), cloud computing, smartphones for the workforce, as well as other forms of wireless communication. Take advantage of the conference to learn not only about new security capabilities, but also how that research can help the company open new business opportunities so security can get ahead.
- Pursue more efficient IT business models. Many IT organizations, especially in this economy, are charged with driving 10% or more of the annual costs out of the existing technical infrastructure. This usually translates to cost savings in labor that come from automating security processes, consolidating security into switches and multifunction security devices, virtualizing security products for concentrated server utilization and endpoint protection, and simplifying complex compliance processes. Look closely at the ability of security innovations to reduce labor costs to meet operational goals.
About the author:
Eric Ogren is founder and principal analyst of the Ogren Group, which provides industry analyst services for vendors focusing on virtualization and security. Prior to founding the Ogren Group, Eric was a security industry analyst for the Yankee Group and ESG. Ogren has also served as vice president of marketing at security startups Okena, Sequation and Tizor. He can be reached by sending an email to email@example.com.