The Growing Complexity of IT Security: How Do We Manage?

While IT Security has never been an easy job, the consensus is that cloud, mobility, and virtualization are increasing the complexity and making the job more difficult because data is no longer contained within the data center. The commoditization of IT is also contributing to increased complexity because it has created a situation wherein organizations or departments within a company can procure cloud services with a corporate credit care and set up their own technology. Traditionally, the procurement path went through the security department because one needed to get through the firewall in order to access the service.

Strategies for managing the IT security complexity within the environment include:

• Work with the procurement department to gain visibility into the types of purchases being made external to IT/security
• Consider a unified solution for commodity types of services, such as anti-virus and intrusion detection
• Determine whether the complexity is due to a lack of appropriate base architecture

Engaging a managed service providers may help reduce complexity, but it also brings its own level of complexity in that security leaders will need to have a rigorous process to assess the capabilities of third-party providers. In addition, these service providers will need to be monitored and managed, which requires time and effort. Finally, cost is an issue. Organizations with smaller security budgets may not be able to consider outsourcing as a way to reduce complexity.

Because part of the issue is that data is now in so many places, security pros believe that an enterprise digital rights management solution may help reduce the growing complexity. DRM technology could potentially allow security pros to move the controls closer to the data itself.