Symantec: Running around with your hair on fire isn’t good security

TORONTO – Shrinking IT budgets, heterogeneous computing environments and compliance issues are among the top challenges that IT managers face when managing their organizations’ infrastructure, a Symantec executive said Monday.

“Despite what the people in Redmond might tell you, the world is permanently heterogeneous,” said Michael Murphy, vice-president and general manager, Symantec Canada. “More and more people have access to information. This requires a broader approach to security.”

Murphy made these comments in his keynote address to Symantec customers and partners that were attending a one-day session in Toronto. Symantec Tech Day Seminars are also scheduled for Ottawa on June 19 and Vancouver on June 26.

A large data centre can end up with more than 100 different tools from 100 different vendors, making it difficult for IT workers to manage, Murphy said. To help businesses become more efficient in this area, Symantec last month at its Symantec Vision conference announced the Symantec Data Centre Foundation, which combines storage, server, cluster and performance management technologies from Symantec and Veritas.

“There’s one tool, one management framework and one storage array so different data from different systems can be grouped and archived together,” said Murphy in an interview with ITBusiness.ca following his speech.

This, in turn, helps free up IT staff’s time to become more proactive and get better at planning and testing – an area Murphy says businesses are not doing enough of these days.

“Because unnatural acts don’t have any planned cycle, it gets put on the shelf where they’re not properly tested or implemented,” he said, adding the day-to-day job of running a data centre is reactive as opposed to proactive.

“IT organizations are overworked and typically underskilled,” said Murphy. “They just can’t get away from the day to day running around with their hair on fire approach.”

But Paul K. Wing, an independent security consultant who once led Scotiabank’s information security department, said disaster recovery or continuity plans are increasingly less about the technology. Events like SARS and last year’s hurricane in New Orleans have shown people that beyond the data centre, the entire business must be resilient.

“You can lose your data but still have your business up and running,” said Wing. “Or you could have your data centre up and running but you haven’t got your business capability.”

As for testing, Wing said they are almost never realistic as many of the tests assume that they know the things that can go wrong and don’t work in worst-case scenarios.

“Disaster recovery and business continuity is around being able to do the communications,” said Wing. “It’s being able to connect to your staff and customers, it’s staff being able to connect to the data and it’s customers being able to connect to the service.”

Murphy touched on this in his keynote by telling partners and customers that IT disasters, natural or otherwise (system corruption or internal attacks) can have a negative impact on a company’s revenue, and, more importantly, a company’s brand.

With the number of data breaches being reported by companies and exposed in the media, organizations are becoming more aware of the importance of communicating that information to the public in a timely manner – something banks have known for some time, said Wing.

“We see more and more of these things being reported whereas in the past it didn’t get reported,” he said.

Last year, for example, there were 130 large scale database breaches, said Symantec’s Murphy, adding that external threats have evolved from hackers looking for notoriety to professionals looking to profit.

“There are sophisticated criminal elements behind these attacks,” he said. “These people are looking for personal and financial information.”

Comment: info@itbusiness.ca

Share on LinkedIn Share with Google+