The Strongest Link
Security Information Management solutions help CIOs block
potential threats -- while identifying and eliminating duplicated processes.
By George V. Hulme
At first glance, a raw diamond looks
like nothing more than a dull,
worthless piece of stone. Only with
careful selection, cutting and polishing can
it be transformed into the glittering bling
of legend.
The same is true for corporate security
logs. In its "raw" state, data from user and
security activities doesn't offer much to
CIOs. But once properly aggregated and
analyzed, this data — including information
from application logs, change-control
processes, ticketing systems, and identity
and access management applications —
can be extremely valuable to CIOs.
More specifically, centralized solutions
that manage this data can help CIOs
deliver required security information,
prove security compliance quickly and
at low cost, and generate (and update as
needed) security reports rapidly and efficiently.
"Security often is too isolated,"
says Paul Davis, Executive VP and Chief
Operating Officer of Decurity, a Tampa,
Fla., security services provider. "When
security is isolated or fragmented, it can't
be leveraged across an enterprise to make
the enterprise leaner. But when you centralize
security management, that enables
efficiency and consistency."
Security Information Management
(SIM) solutions give CIOs visibility into
their enterprisewide security processes,
allowing them to quickly spot (and fix)
vulnerabilities, bugs and other issues. Such
broken processes not only are costly and
raise risk, but can also be wasteful, since
they can duplicate processes. "Different
parts of the IT organization sometimes
end up doing similar or even fully identical
functions," Davis says. "For a large
company, this doesn't mean just one worker
wasting a few hours a week; it could mean
teams of people doing the same thing and
wasting time and valuable resources."
Commonly duplicated efforts include
excessive approvals before allowing the
provisioning of access to system resources,
password strength checks, system evaluations
and redundant testing of regulatory
controls. To manage such problems, security
should be integrated across the organization,
says Gijo Mathew, VP of Security
Management at CA. "Whether it's because
of different IT platforms being deployed over
time, acquisitions or a preference for point
solutions, security applications and processes
are often managed as silos," he adds.