InfoWorld Executive Forum
I spent Monday up at the InfoWorld Virtualization ‘Executive Forum’ up in
San Francisco
. It ended up being a really educational event on a number of different fronts. Database
Security & Compliance is not usually considered part of this
revolution, but as Virtualization breaks many IT infrastructure models
we have been using and creates dozens of new trust relationships, it
requires rethinking data collection, policy management, enforcement and
many other areas of data security as well. I
will be making a couple of posts on this in the next few days, covering
some of the high points and interesting revelations about these changes.
Virtualization is here. And if your in IT, you probably already know this. The degree that companies are rushing headlong into Virtualization I found startling. It’s
like the IT administrators said “Hey, this is cool, and it could save
us money”, and then people in middle management said “Wow, that is
cool”. Then they rushed off to see how fast they
could virtualize their infrastructure, like high school kids rushing
off with spastic euphoria on the first day of summer vacation. And
in a very short time we have arrived at a point where a majority of US
firms already implementing Virtualization, or they are in process.
Then someone in accounting asks “Why did you pick Virtualization platform A over platform B or C. Couldn’t we negotiate a better price is we play the vendors off each other?” Then
the CIO asks “What is our Virtualization Strategy? How will we manage
this infrastructure and what other tools do we need?” And the Risk
Management group asks “What metrics are you using and how are we
incorporating this into our Capability Maturity Model?” And then the
CISO (Played by Chris Hoff in this movie) asks “Have you given any though what-so-ever to security?” This is approximately where we are today, killing IT's "Buzz" by asking a lot of ugly questions.
The technology is very cool and the conference
opened my eyes to a couple ways the technology can be used that I had
not considered before. The different ways you can slice and dice the IT services is truly amazing. But it feels a little ‘Wild Wild West’, with lawfullessness and civilization left behind for the exciting new frontier. This
is certainly accelerating the adoption of the technology, and the
appropriate timescale to measure the changes will be months, not years. Formal
processes & controls will eventually catch up, and I imagine much
of the double-digit cost savings will boil away to more modest levels
given the needs for documentation, planning, training, workflow, source
control, backup and disaster recover. Oh, yeah,
and Security. Once again, security and compliance will be forced to
play catch up, and be patched onto existing infrastructure.
Say what you will, it will not be dull in Security for the next couple of years.
Recent Comments