Rationalizing the Security StackMark Butler of Qualys on Strategies for Automating and Orchestrating
As a long-time security leader, Qualys CISO Mark Butler has watched the evolution of security tools and platforms. The best-of-breed approach still has merit, but also has failed us, he says. How can automation and orchestration provide new business value?
Butler, a former CISO at Fiserv and security executive at H&R Block who has decades of experience with security controls, feels the pain of colleagues wanting to rationalize their security stack. (For more on Butler's CISO mission, see: Qualys Customer Is Now the CISO.)
"We have 30, 40, 50 security tools in a lot of large organizations, and there was a reason why each one of those tools was evaluated, selected, purchased and implemented - and each one of those decisions probably made sense at the time," Butler says in an interview with Information Security Media Group. But this accumulation brings with it a daunting challenge: "How do we get these tools to talk together without some strategic governance over why are we building these sets of tools and what are we driving from a capabilities standpoint ...?"
In an interview about rationalizing and simplifying the stack, Butler discusses:
- How we got here;
- Pluses and minuses of the best-of-breed approach;
- The present and future promise of automation and orchestration.
Butler has more than 20 years of IT security experience, working with executive management, IT leadership and legal counsel at a variety of companies. Prior to joining Qualys, he served as vice president, CISO and enterprise security information officer at Fiserv. He also has held roles in global security consulting, independent technical research and comprehensive assessment services, as well as several key security roles at H&R Block.