As I’m kicking off the next iteration of the Forrester Wave™ for vulnerability risk management in the coming weeks, I’ve been fielding a lot of questions about what I’m going to be focusing on and why. Traditional vulnerability management solutions date back 30 years and are a critical element of an infrastructure hardening process, but digital transformation has relegated them as no longer sufficient. Because of this, I’m focusing this upcoming Wave on vendors that are actively developing products to solve today’s problems and hope that, by sharing this vision, I can help drive the market a little closer to where we need to be.
Complexity Begets The Need For Vulnerability “Risk” Management
With our digital transformation has come complexity. There are simply too many devices and too many applications that we’re responsible for maintaining in our infrastructure for us to also maintain a meaningful asset inventory, much less keep everything patched and up to date. I’ve heard this problem described in reminiscences of past lives in which there was the one person responsible for keeping track of all the assets who was basically the crown jewel of the IT organization — and if that person ever left, it would be impossible to replace that knowledge. At a certain point, the “genius” of our IT organization was no longer able to keep track of everything, and we’ve been treading water ever since. This clearly isn’t the entire story, but to quote Tyrion Lannister, “people need a good story,” and this one is effective at helping people understand that complexity has outpaced our ability to manage our environments the way we used to.
Source: DRJ New feed