IT security and management on collision course

According to some industry analysts, as many as 90 percent of all enterprise businesses currently assign oversight of anti-virus technologies to their desktop management teams, rather than ceding the work to security specialists.

The reasons behind this fact are simple, market watchers maintain, as the process of keeping AV agents up-to-date, distributing new virus signatures to end points, and monitoring PC configurations for anomalies are exactly the types of tasks that IT operations teams are expected to carry out.

If you add in the fact that many companies are looking at their IT security and management functions from the perspective of handling regulatory compliance demands, experts say, it becomes clear how much commonality exists between the security and management camps.

As such, it should come as no surprise that a growing number of organizations are beginning to view much of their traditional security work -- in specific chores that don't involve warding off attacks -- from a systems management standpoint.

That's the reason why security market leader Symantec plunked down $830 million for management software vendor Altiris in Jan. 2007, and why so many IT management technology providers are dipping their toes in the security waters, said Neil MacDonald, analyst with researcher firm Gartner.

"In most cases clients are looking to reduce complexity and costs, and improve overall systems manageability; today it's very hard to configure and manage security products made by multiple vendors, so we're seeing this trend toward what you might call Darwinistic operationalization," MacDonald said.

Based on the growing management headaches created by the presence of so many security tools in the modern enterprise, businesses are looking for ways to centralize oversight of the various technologies and hand off their control to operational specialists, the analyst said.

That is why Symantec and McAfee are pushing expanded management capabilities, and why so many companies with management backgrounds -- such as BigFix, Kace, and LanDesk -- are now actively marketing their security skills, MacDonald said.

"This is a very important trend, because most security issues actually arise in systems management, and even if you love Symantec and are on a path to acquire their various products, there's a pretty good chance that you'd at least consider the security solutions being offered by these other providers coming from more of an operational side," the analyst said.

"These companies on the operational side will definitely come head-to-head with the security companies, and really, that's a good thing for everyone," MacDonald said. "Because the endgame is that users should end up with more integrated functionality at a lower price."

Of course, major IT systems management platform providers including CA, EMC, IBM, and Microsoft are also competing in the security market, and are doing so with increasing success based on their management skills, the analyst said.

"If a security person can do a better job by using management applications, and vice versa, then why not; even though these companies look at things through a different lens, there's a great amount of value in eliminating duplication of tasks such as inventory management," MacDonald said. "All the management vendors have a great case to make; convergence may be too strong of a word, but there will certainly be increased integration across security and operations-type applications."