Security Is Shaping IT Pros' Roles - What IT can and cannot do (Page 2 of 6)
Do you feel that you're getting the support from IT vendors to achieve the
level of performance you need to manage these complex processes and products?
Gunnerson: Partially. I don't think we've seen any magic bullets helping
us to manage things without a lot of effort. ... One of the reasons is that
the environment is changing so quickly. We're moving from security threats that
take a month to security threats that take a day. That certainly keeps you up
at night.
There are tools becoming available that will help us deal with this: stand-alone appliances that you can buy that help you do intrusion detection and intrusion prevention. They're expensive, and they look a lot like network gear, which kind of involves everybody. These aren't products you just put into your infrastructure; you really have to understand how they affect how your packets are sent both inside and outside the company.
As for Sarbanes-Oxley and the other laws that we have to support, we have to make sure that our systems reveal what needs to be revealed to be in compliance, and that's work also.
Do any of you find that you have to spend more time talking to corporate
counsel or human resources or other administrative departments within the organization
than was the case four or five years ago, to find out what they're going to
need from you in terms of the visibility of data that Gary has just talked about?
Rosen: I'm actually finding the opposite: they're coming to us so
that we can translate what [the legislative and regulatory mandates]
are going to require.
Gunnerson: I think it's healthy, actually, because now we're all talking
about the same systems and applications. Before, it used to be, "You do your
job, and we'll do ours," and we didn't interact on a regular basis. It's forced
us to have some conversations that weren't required before.
Do you feel that non-IT people tend to be more cognizant than before about
what IT can and cannot do?
Gunnerson: There's a pretty good understanding from pretty much everybody,
mainly because they've grown up with computing in their homes and they've suffered
the slings and arrows of viruses and software upgrades and all kinds of nasty
stuff. I think the basic understanding of what computers are about and their
inherent problems are obvious to almost everyone.
Benincasa: We communicate a lot with our users whenever we have to,
for example, take some action to increase security. We tell them what we're
doing and why we're doing it, and, in a lot of cases, the users are pretty understanding.
They don't like some of the inconveniences, but they know the risks to the network
and the data if we don't protect them.
Frank, I know at Bose you have pretty definite control of system configuration
and so on. Have you found that user acceptance of a managed configuration for
personal computing has increased as end users have started to see the costs
of not having that coordination and control?
Calabrese: Well, we've been doing our darndest to bring that in as a
mandate: that unless there is a very justifiable reason not to stay within
that single-image, patch-managed, asset-managed environment, you do have to
stay there. People understand the ramifications and understand the impact to
the business. So what it comes down to is, "Does your desire to have your own
configured system outweigh our ability to run our enterprise systems?" We feel
the enterprise systems are more important.