Insight on information security – well worth a read

Tuesday, February 21, 2006 by admin

The other Neil alerted me to Security Incite, a fellow specialist analyst company, founded by Mike Rothman (former META analyst, PKI entrepreneur and marketing VP at CipherTrust and TruSecure) and which is focussed on the information security market. The company has an innovative community-driven approach to working with technology adopters but that’s not what I want to discuss here.

I wanted to call out Mike’s recent post which defines a pragmatic segmentation of the confusing world of information security. I thoroughly endorse his approach in providing the structure that IT buyers need to help them make effective security investment decisions and to understand how all the pieces fit together.

Also, I can empathise with his motivations: he needed to go through the process to make sense of it himself. I have gone through a similar process in my investigations of just one area of Mike’s model: identity. In fact, as will become apparent in our soon-to-be-released report on identity management, there are strong parallels between Mike’s analysis of the whole area and my perspective on identity management architecture. It’s about a clear separation of concerns – infrastructure security, information security, identity, policies and reporting in Mike’s case and identity data sources, identity and access services, policies and lifecycle management in mine.

As Mike drills into each of his areas, it will be interesting to see whether he identifies a similar set of capabilities: repositories, security services delivered as infrastructure, policy-based management and monitoring and security lifecycle management.

Posted in General