The Time Has Come: Security Integration

Loraine Lawson

I've covered integration for this blog for nearly six months now. Before that, I wrote about IT security. And before that - in the nascent days of the Internet - I wrote more generally about topics of interest to CIOs and IT managers - including security and integration.

I've got seven years of IT coverage under my belt. Granted, I took a year off in 2006 and 2002, so I may have missed something then. But in all that time, I don't believe I've ever seen one item about integrating security. Until now.

Imperva, the application data security and compliance provider, and three security vendors are offering a data integration framework called Imperva OpenSphere. eWeek reports the current partners - Crossbeam Systems, Ounce Labs, and SenSage - worked with Imperva to pre-integrate their products with Imperva's SecureSphere database monitoring and application firewall products.

According to, OpenSphere provides four points of integration:

  1. Content: Content will be contributed to SecureSphere by the three partners and will include best practice templates, application structure definitions and vulnerability data, all tailoring a SecureSphere deployment to a specific environment.
  2. Information Flow: SecureSphere's tools will communicate with the partners' products about assessment data, audit logs and security events.
  3. Delivery: Integration between the partner software or hardware platforms on which SecureSphere runs will result in more flexible deployments to better match architectural requirements.
  4. Compatibility: SecureSphere will ensure that activity monitoring, audit and security functions won't interfere with the functions of Oracle, Microsoft SQL Server, IBM DB2 and Sybase.

Obviously, if you're not a SecureSphere client, this won't be big news for you. But it's an interesting announcement, and could trigger a new trend in security integration.


Blogger Dan Sullivan at Realtime Community does a great job of cutting through the press release jargon and explaining the significance of this announcement.


Sullivan compares the Imperva initiative to data warehousing and data mart integration, which gives companies more complete information about their business. Right now, there are a lot of separate security points you can monitor: network security, desktop security, data security, application security - and now, with SOA, services security. But there isn't a way to see the big security picture.


As Sullivan points out, IT needs to know what's going on at all these security points, at the same time, and the time is ripe for security integration.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.