Insight on information security - well worth a read
The other Neil alerted me to Security Incite, a fellow specialist analyst company founded by Mike Rothman (former META analyst, PKI entrepreneur and marketing VP at CipherTrust and TruSecure) and focussed on the information security market. The company has an innovative community-driven approach to working with technology adopters, but that's not what I want to discuss here.
I wanted to call out Mike's recent post which defines a pragmatic segmentation of the confusing world of information security. I thoroughly endorse his approach in providing the structure that IT buyers need to help them make effective security investment decisions and to understand how all the pieces fit together.
Also, I can empathise with his motivations: he needed to go through the process to make sense of it himself. I have gone through a similar process in my investigations of just one area of Mike's model: identity. In fact, as will become apparent in our soon-to-be-released report on identity management, there are strong parallels between Mike's analysis of the whole area and my perspective on identity management architecture. It's about a clear separation of concerns - infrastructure security, information security, identity, policies and reporting in Mike's case and identity data sources, identity and access services, policies and lifecycle management in mine.
As Mike drills into each of his areas, it will be interesting to see whether he identifies a similar set of capabilities: repositories, security services delivered as infrastructure, policy-based management and monitoring and security lifecycle management.