There’s a huge difference between collecting data and actually generating actionable intelligence.
Nothing bears that out more than a new survey of 375 attendees conducted by SenSage, a provider of security information and event management (SIEM) systems, at the recent RSA Conference 2011.
The survey finds that there is little to no coordination across IT processes in the majority of IT organizations and that even more don’t do much when it comes to measuring how effective IT processes are. It’s little wonder then that more than half said that the internal perception of these IT services is that they are ineffective.
SenSage CEO Joe Gottlieb says the root cause of all this IT function is the simple fact that IT personnel don’t have enough actionable information. For example, the majority of the SIEM systems being used today are not open environments. As such, there is no process in place for taking all the data they collect and sharing it with other management systems.
To rectify this, a greater emphasis needs to be placed on open SIEM systems. Once those systems start passing actionable intelligence back to the rest of the management systems in IT, then we’ll start to see IT organizations move to better coordinate processes. Without that information, IT organizations are never going to be proactive about fixing problems before they occur. And if they can’t address problems before they occur, IT organizations will never be able to manage IT as a service. Instead, they will always be in a reactive mode where they wait for something to break and then try to fix it as quickly as possible. The trouble with that approach is that it makes the IT organizations look bad every time a problem occurs because it disrupts the workflow of the business.
Process management experts, in fact, would go so far as to argue that any process that can be discerned by the customer, in this case end users, is fundamentally broken. But the fact remains that far too many IT organizations don’t appear to be confidently managing IT operations, which usually results in some uncomfortable conversations about outsourcing IT.
Every journey needs to start with a few small first steps, but until IT organizations get a better handle on what is happening inside their systems, they won’t really know where to focus their efforts. And once the IT organization appears lost, it’s only a few short steps from there before the business decides that the IT organization might not know what it’s doing either.
Click through for results from a SenSage survey on security information and event management processes.
A little more than half have little coordination.
And even more don’t measure results.
About a third said they do little in this regard.
More than half said they are perceived to be ineffective.
Over half have.
Managing compliance exceptions, tracking metrics and overall security effectiveness top the list.