The Realities Of Risk Management

Meeting all of your needs may require multiple vendors.

Andrew Conry Murray, Director of Content & Community, Interop

December 14, 2007

2 Min Read
InformationWeek logo in a gray background | InformationWeek

As security vendors build out their product portfolios and integrate various components, they paint a picture of a "holistic" approach to risk management. When you press them to define holistic management, every one of their responses boils down to this: Write a set of well-defined policies, and then put processes in place to monitor and enforce those policies. It's good advice, but it doesn't require integrated vendor suites to be successful.

"Risks may encompass multiple products from multiple vendors in a host of different areas," says Craig Shumard, chief information security officer of Cigna, one of the five largest health service providers in the United States. "There may be issues around audit trails, unauthorized access, or fine-grained authorization you need to get for a business process or regulation. That could entail seven or eight products from three or four different vendors."

InformationWeek Reports

Shumard himself relies on 20 or 30 security vendors to meet all of Cigna's needs. While acknowledging that Cisco, IBM, and Symantec have been on an "acquisition tear," he thinks there will always be room for niche security players "to innovate and create."

Shumard practices what he preaches. Cigna was a customer of Vontu before it was acquired by Symantec. It also uses software from Aveksa, a startup in the entitlement management market.

And even as vendors integrate products to make them easier to use, deployments can still fail. For instance, though Symantec and Sophos have added network access control capabilities to their endpoint security products, that's not enough.

"How many people have a good global inventory?" asks a security executive at a cosmetics company. "If you don't have 98% of your world known before you plug in NAC, you're going to lock out servers and printers."

This story was updated Dec. 17 to correct the spelling of Aveksa.

Return to the story:
Security Vendors Revamp Desktop Suites

Illustration By Mick McGinty

About the Author

Andrew Conry Murray

Director of Content & Community, Interop

Drew is formerly editor of Network Computing and currently director of content and community for Interop.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights