Making IT comprehensible to the board
Could BI tools work for network security?
By Bryan Betts, Techworld | Published 12:00, 15 December 07
"We also use the OLAP cube concept and do predictive management - it is applying BI tools to security and systems data. All the information you need is hidden in your log files, but that's terabytes these days. Log files are a ridiculous amount of data, so you have to have an automated solution to go through them."
Weigel says that NetIQ - which is far from being the only company working in this area - came into it from the configuration, audit and alerting point of view. Its technology evolved and regulatory compliance came along, and all of a sudden security management jumped towards the top of business priority lists.
He adds that while IT managers take compliance and security seriously, a survey by NetIQ earlier this year suggested that most of them think that their board-level superiors are merely paying lip-service to it - and he says that BI-type tools could help here.
"IT tends to talk about the technical aspects of security, but the business manager needs to understand the risk they're running," he says. "That gets you into predictive management, and while most companies do that for systems management, very few do it from the security point of view."
He suggests that IT managers need to learn how to explain the security risks in financial and business terms, so they can explain that "the cost [of security] is ridiculously small compared to the cost of a breach."
They also have to bring the way their departments work into line with other parts of the business, he says, for example by acquiring management and reporting tools that "connect people to processes" by turning IT activities into workflows. Not surprisingly, NetIQ sells exactly that, in the shape of its Vigilant Policy Centre.
"Systems management traditionally has well-defined workflows," he says. "The challenge is making sure those are followed and are auditable."
