Enterprise Security And The Elusive

Let’s return to the question raised at the onset: does the “single pane of glass” truly exist today or is it, in fact, elusive? I contend that the “single pane of glass” does not exist today and it is elusive. However, there is a lot of promise on the horizon. The competitive security tool market has generated much movement in this regard. Progress is being made towards achieving the “single pane of glass.”

Security tool vendors are becoming more aware of the need to (and are more willing to) leverage the Open API new technology. Open API new technology promotes the idea of different vendors establishing application programming interfaces that allow one product to seamlessly interface with another product, at the application layer, with minimum development and integration effort required. This affords the opportunity for the customer to leverage the best capabilities of differing vendor solutions without having to make what can sometimes be a large investment in software customization and integration testing. Based on my experience, I believe that it will be very difficult for a single security vendor solution to provide both the analytical and the automated processes needed to satisfy the visibility requirements of enterprise security. However, security vendors that adopt the Open API new technology concept will help the enterprise security community to go a long way towards achieving the elusive “single pane of glass.”

It is also recognized that many of the large enterprise security solution providers are attempting to achieve the “single pane of glass” without adopting the Open API new technology concept. They are attempting to achieve this by various mergers and acquisitions of smaller security tool vendors that offer additional functionality that did not exist in their current enterprise security tool suite. This trend would likely render the open application programming interfaces (which may have previously existed before the security tool vendor was acquired) as proprietary. The current trend in security tool vendor acquisitions may result in some success in achieving the “single pane of glass.” However, it is the opinion of the author that this approach may limit the creativeness that generally comes with a “lean and mean,” focused small security tool vendor that is needed in the dynamic enterprise security environment that currently exists.

In conclusion, it appears that the “single pane of glass” for enterprise security does not currently exist today. However, I believe that a “multi-paned window” for enterprise security does exist. This “multi-paned window” is comprised of multiple vendor solutions that adopt the Open API new technology. The collaboration of multiple vendors to achieve a common goal (to provide integrated capability and visibility for enterprise security objectives) has led to a window of opportunity. This creates an opportunity to be able to analyze information from disparate sources and, to put it simply, make some sense out of it. The “multi-paned window” would potentially utilize the “single pane of glass” of a Governance, Risk and Compliance (GRC) tool, the “single pane of glass” of a Security Event and Incident Management (SEIM) tool, and the “single pane of glass” of an analytics platform, to form the “multi-paned window” for enterprise security. This “multi-paned window” would provide an integrated view of system events/processes and the resultant effect on established security policies, plans, and procedures. The “multi-paned window” is not a “single pane of glass” for enterprise security, but it is nonetheless a “window,” providing the much needed visibility into the enterprise security space.