The blind men and the elephant
The parable of the blind men and the elephant is thousands of years old and has several well-known variations. It goes more or less like this: a group of blind men that have never encountered an elephant before coming across an elephant and begin to conceive of what it must look like based on what each one can touch. Each person feels something different but touches only one part of the elephant, such as its tusk, leg, or tail.
Some versions of the story then have the people getting into a heated argument over what the elephant must look like—the moral of the story being that, as individuals, we tend to claim truth based on our own subjective experience of a situation, rather than the experiences of others that (in their minds) may be no less accurate.
Some IT teams feel this way: an asset management team might feel it has the whole picture of an IT estate based on assumptions derived from its purview, and because the cybersecurity team disagrees on the veracity of the data presented, dismisses other views as misguided.
IT operations being at odds with IT security is by now a classic conflict—that tension has existed for as long as there’s been a SecOps function in the enterprise and probably longer. But what we’re finally coming to realize after decades of this conflict is that failing to see the “whole elephant”—that is, figuring out how to rationalize a view of things across the entire IT estate, not just based on one side’s set of to-dos and assumptions—isn’t just fueling the conflict or slowing our productivity down. It’s actually making organizations more vulnerable.
I read with great interest the results of a recent survey conducted by Forrester Consulting on behalf of Tanium. I wasn’t surprised to see that a majority of enterprise decision makers view collaboration and alignment among security and operations teams as a major challenge—I suspect the actual percentage is much higher than the 67 percent cited. Nor was I surprised to see that security and IT operations teams with strained relationships take, on average, nearly two weeks longer to patch vulnerabilities than teams that view themselves as having healthy relationships with “the other side.”
Consider this section of the report:
“IT Security and Ops teams need to prioritize enabling continuous compliance, increasing security, keeping the business running and advancing digital transformation. As a result, many have invested in numerous point solutions. However, these solutions are often operating in silos for each team, further inhibiting the visibility and control of computing devices needed to effectively protect the IT environment and allow the business to operate with the speed and agility it needs.”
And that’s not even mentioning the challenge of providing executive teams with consistent, reliable metrics pertaining to risk.
So, let’s net this all out
We have IT security and operations teams, historically at odds.
We have everyone agreeing on strategic priorities like security, compliance and digital transformation delivered under mandate all the way up to the non-technical C-level and often the board itself.
We have the stepped-up investment that’s come from a combination of new budget but lots of new tools, too—point solutions each tackling a different aspect of management or security, and adding complexity as a result.
But we also have teams that are leaving themselves potentially more vulnerable to disruption because they’re not investing together, not working off the same sets of actionable data and not confident they have the full visibility they need into all of the hardware and software assets connected to their environment.
As the Forrester Consulting study notes, “Only 51% of enterprises are confident in their visibility into risks, yet 89% have confidence in their reporting that is based on this incomplete data.”
As I spend time speaking with CIOs, CISOs, Directors of Operations and other IT decision-makers with budget control, I’m convinced many already know they put way too much confidence in incomplete or misleading data. The disconnects are known. The culture of “good enough,” when it comes to asset inventory, or patch efficacy, or fault tolerance, has left us no closer to a better solution than any of the blind men assessing his part of the elephant..
Maybe that’s an oversimplification. But when the strength of technology has finally reached a point where we can confidently invest in a unified endpoint management and security platform that shows a complete, real-time picture of endpoint assets and what to address, when and why, we’re all out of excuses. We can see the whole elephant and know exactly what it looks like.