Most everyone agrees that a key source of organizations' ongoing IT security vulnerability is the complexity resulting from technology heterogeneity.  The more individual systems and technologies in play, the more difficult it is to ensure sufficient control and consistency.  Given today's dynamic environment, security management systems and processes have a hard time keeping up.  This is certainly not a new phenomenon. It is probably one of the oldest IT challenges around, impacting not just security, but also all other areas of IT management.  But given the emergence of the newest technology wave, the cloud, the issue of heterogeneity -driven complexity is being discussed again.

Stepping back to the base problem of complexity driven by technology heterogeneity, one way perhaps to address the problem is to turn heterogeneity into homogeneity.  This however is probably the oldest proposed solution around and has really come true only in the dreams of the many application platform vendors out there.  In reality IT organizations don't have the luxury of picking a common platform for IT's convenience. Serving the business is IT's primary directive and that generally means employing varied technologies. 

Perhaps, as some say, the emergence of the cloud will finally do away with IT heterogeneity.  If everything is running in the cloud then organizations don't even care what the underlying technology is, and the heterogeneity-driven complexity goes away -- at least for the cloud consuming enterprise.  In effect this would push the IT complexity up into the cloud providers' domain and take the problem away from the enterprise.  Is this theoretically possible? Yes, but the key word I want to draw you to in the previous sentence is "everything."  Until such time as all IT services are in the cloud, heterogeneity-driven complexity actually goes up not down for enterprises.  While this is certainly not a reason to disregard use of cloud services, it must be recognized that during this cloud transition period (which if it is like any other IT transition period, never completely transitions) organizations will need to manage on-premise and cloud-based applications and services simultaneously.  Thus the management complexity for organizations goes up not down.

Of course the other way to address heterogeneity-driven complexity is thru IT management tools which were built to cross technologies, whether deployed on-premise or in the cloud.  It shouldn't be a surprise that this is exactly where CA is focused.  While no one at CA would claim this job is done, we continue to make progress in providing IT security and management systems that help IT organizations address the reality of today and tomorrow.  Just this week the security business at CA announced the recent expansion of our Web security solution to cover the critical open source based Red Hat JBoss platform.  This solution helps to address IT heterogeneity by centralizing security management, but distributing enforcement across a huge variety of underlying technologies.  So unless you are part of a very small organization that could in fact put "everything" in the cloud in short order, you will need to address you heterogeneity-driven complexity (whether or not you are moving to the cloud) without relying on the dream of IT homogeneity.