Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

CIO Executive Council

A Peer-Advisory Service and Professional Association for CIOs

Turn Geeks into Leaders

June 17, 11:30 AM - 12:30 PM U.S./ET (GMT-4)

Larry Bonfante, CIO of the U.S. Tennis Association, will discuss the skills and approaches that your rising IT leaders must learn to be effective in an executive capacity.

How to Handle Your New CEO: Managing Turnover at the Top

June 18, 11:00 AM - 12:00 PM U.S./Eastern (GMT-4)

Turbulent times have increased turnover at the top. Find out what Council CIOs have done to "break in" new CEOs—build relationships, set expectations, educate on the role of IT.

Mid-Market CIO Panel: Tips and Techniques for Improving Vendor Relationships

July 15, 4:00 PM - 5:00 PM U.S./Eastern (GMT-4)

We'll highlight relationship priorities and best practices identified in a Council study, and we'll interact with a CIO panel on the approaches they've used to improve strategic vendor partnerships.

Executive Competencies Assessment Tool

Assess Your Business Leadership Skills with the Council's new benchmarking tool. Rate yourself in change leadership, strategy, customer focus and more.

More / Register »

Learn more about the CIO Executive Council »

RESOURCE CENTER

buy a link »

SUBSCRIBE TO CIO

Are you involved in setting the direction for your company's IT budget or strategy?

Apply today for a FREE subscription to CIO Magazine!

Subscription Services »

Reprints »

Feature

How to Exploit a Down Economy to get Special Security Needs Satisfied

Two IT security pros share advice on getting vendors to work together.

Leave a comment

By Ellen Messemer

October 16, 2008 — Network World —

When there's not quite the right fit in network security gear to meet your needs and goals, you might wind up settling for some distant second choice, if one exists. But enterprise technology managers are proving you can get what you want by pushing vendors to innovate—a trend that may be growing because of the economic downturn.

Tony Lucich, chief information security officer (CISO) and enterprise architect for Orange County, Calif., and Mark Starry, manager of enterprise architecture and security for Concord Hospital in New Hampshire, each hit a few roadblocks during some recent security projects. There were incompatibilities between switching and security gear, or security products fell short of accomplishing exactly what was desired. But Lucich and Starry, who don't know each other, share a spirit for overcoming obstacles by getting vendors to innovate to help their organizations.

Some analysts say this willingness to accommodate customers' special needs happens less often in the good times when fat-and-happy vendors will be complacent, but when the bad times arrive, customizing is a way to grow market share. "This 'responsiveness' to customers is most important in downturns like we are in now," says Gartner analyst John Pescatore, noting the smaller vendors often take the lead in this regard.

For Starry at Concord Hospital, the basic challenge was finding the means to comprehensively monitor the complex, high-speed network put in place based on Nortel core routing switches and trunking to link healthcare facilities in its New Hampshire locations to share high-speed IP traffic, including voice over IP.

While Concord Hospital already had IBM's Internet Security Systems intrusion-detection and protection systems at the perimeter, this gear wasn't the right choice for monitoring the entire internal network. Starry says that was mainly because the Nortel network, with its Routed Split Multi-Link Trunking, is so good at eliminating bottlenecks, it made collecting security-related information related to packet flows harder to collect, too.

Starry began a hunt to see what kind of security-monitoring equipment might be out there that could work inside the new network, narrowing down a short list that included Mazu, Q1 and Lancope. But no vendor seemed to support Nortel's proprietary protocol. Rather, Cisco's version of NetFlow was the norm.

But Starry didn't give up. He discovered that Lancope was willing to update its StealthWatch network behavior analysis monitoring gear to support Nortel, and he brought Lancope engineers together with Nortel ones to make it happen. This didn't come cheap: Starry says there's so much additional stress put on switches made to export every session out to a security collector that the switches had to be boosted with special hardware cards that cost upwards of $100,000.