Nmedia - Fotolia
- Kathleen Richards, Information Security
IT security tools vendors are introducing new delivery models as workloads become transient, and product categories mature. According to Gartner, by the end of 2015, 30% of infrastructure protection products will be purchased as part of a suite offering. These compilations of IT security tools and services, often enhanced through mergers and acquisitions, make it hard for enterprises to figure out what some products offer and how these security bundles will improve their overall risk postures.
But there’s real benefit to looking into IT security tools and services (including cloud) that offer more, according to Dave Shackleford, principal consultant at Voodoo Security, including paring down your vendor footprint.
At the same time, organizations need to take steps to find the features overlap in their IT security tools to avoid wasting money and ensure that functionality in new products is not overriding existing controls tied to security measurements and compliance. In addition to tools assessment and consolidation, vendor management comes into play. Security-as-a-service options may make sense for some companies, notes Shackleford, who covers all that and more in his cover story this month.
On premises or off, management and visibility into data and applications increasingly means security controls and policy needs to work everywhere. As more companies become comfortable with virtual machines and migrate those workloads to the cloud, IT security tools are keeping pace, reports David Strom, a networking and communications expert and author. More than a dozen vendors offer tools that work across data center and cloud environments.
One company, Illumio, offers an Adaptive Security Platform (ASP) designed to protect the workloads on physical and virtual servers in the data center and cloud. The technology enables security teams to enforce security policies that travel with the application and automatically adapt to perceived changes in the network. Big names have signed on to the startup’s unique application security model, including Morgan Stanley and Plantronics.
Investment in application security is still not where it should be however, and our recent polling backs up that trend. We continue our new series, Readers’ Top Picks, this month with a closer look at readers who have indicated plans to invest in application security tools for their applications and components or software development process in the next 12 months. Perhaps the more telling number, 55% had no plans. Those that did, according to Peter Loshin, our new site editor who crunched the numbers, are still focused on traditional application vulnerabilities such as SQL injections and cross-site scripting (XSS). Check out which vendors made the application security tools short list and get some insights into the complex but critical developments in this market.
About the author:
Kathleen Richards is the features editor of Information Security magazine. Follow her on Twitter @RichardsKath.
Why fast advancing technology makes security threats tough to grasp
Is your organization drowning in a sea of IT security tools?
Emerging IT security trends enterprises should be aware of
Dig Deeper on Network device security: Appliances, firewalls and switches
Set AWS security automation in motion with these practices
How to amp up enterprise security with a suite of tools
Dave Shackleford: Tips for IT security tools convergence
Beyond the Page: What's the latest in virtualization security tools?