Session at The Great Conversation 2012.
William Plante is the director of Professional Services for Aronson Security Group, based in Seattle.
The 2013 Great Conversation Event, hosted by Aronson Security Group and Microsoft Global Security at the ASG Security Summit & Expo is scheduled for March 4 through 5, 2013 at the Bell Harbor International Conference Center in Seattle.
Integrator’s are faced with ever increasing challenges:
Their clients have decreasing budgets
Their ability to sell products lacks the power of differentiation
Their ability to sell solutions is stymied by their lack of knowledge of the business and the true process by which security acts to add value to the organization
The answer is to:
Become students of the business they serve
Become students of the process by which their clients add value
Learn to benchmark all the products and solutions they represent against their ability to integrate into a common operating picture.
While data has always been a fundamental security concern, much of today’s technology permits us to integrate and correlate unstructured and disparate data under a common operating picture to provide business contextualized and relevant information. This notion of a common operating platform incorporating business and security elements is relatively new. However, integrators should be demanding this from their vendors. By designing and implementing a security information architecture that is aligned to the business goals and objectives (and enabling them to be achieved) the integrator is fulfilling their role as a true advisor.
How is this done?
To form a security information architecture you must understand the business context. Context refers to the business environment and operations that characterize the organization—the company’s mission, future goals and objectives, financial performance indicators, organizational culture and behavior. Designing a security information architecture and data integration schema must be done within the context of the business. In order to be successful the integrator must have a firm grasp of the business context that their client’s operations enable. Naturally this includes obtaining baseline information including all business, security system and data structures, operational risk assessments and other risk mapping efforts, stakeholder analysis and so forth.
Once this is done the integrator can begin to develop the security information architecture and data integration program. As one colleague put it: “This can be like eating the elephant—even one bite at a time is still pretty big!” How this is done depends on the organization. In general, developing the concept involves a variety of people, such as information technology, end-users, security people and several concept/strategy whiteboard sessions. It is important to see the broad brushstroke; you don’t need to be concerned about details at this point. Some of the guiding principles that we recommend to our clients include:
Assess Where Value Begins and Ends as a Process Innovation occurs with a sound view of how people behave today. The time to value and the connection to the business will often be invisible to the people who live within it. But their perspective is critical to the change effort that you eventually have to help execute.
COTS Shift to commercial off-the-shelf products Regardless of what information you integrate together, providing one common view and utilizing non-proprietary technology is key.
Secure the Core The notion here is to integrate and execute under a common platform the essential security services first—your core. Effectively utilizing a security information architecture and data integration scheme within your own domain should give you the credibility with other enterprise services to extend and touch their domain.
Another step is to look at what others are doing, otherwise known as benchmarking. Several enterprise security programs are implementing leading edge and innovative security information and data integration programs. It is easier to imagine what you can do when you see what others have done—while learning the dos and don’ts as well!
Once you have the concept outlined you then need to execute it against a plan. Typically we have worked in 18-, 24- and 36-month increments. A typical strategy usually includes:
The security master plan
Developing a proof point
Systematizing roles, workflows and associated standards
Value is the result of measures properly articulated
Integrator’s should be able to take disparate data from a variety of devices, software and stakeholders and integrate it into a common operating picture for an effective and disciplined response and measure their people, process and tools. There are now COTS platforms that encourage this, make it cost effective and act as a benchmark for all future solutions. But the real key is a methodology by which this information is collected, organized, communicated and measured.
William Plante is the director of Professional Services for Aronson Security Group, based in Seattle; www.aronsonsecurity.com.