As a CISO, I\u2019m looking for security solutions that are integrated, reducing the number of vendor interfaces, eliminating the number of consoles and backend databases I have to provision and manage and potentially reducing headcount once fully implemented and matured. They don\u2019t have to be best of breed. The solutions I seek are not just technology focused but those that incorporate people and process into a cohesive risk-based ecosystem.\u00a0Just what is a risk-based ecosystem? In short, a risk-based ecosystem is defined as all the members of the integrated community and the physical environment in which the community exists.\u00a0Data moves around the ecosystem in loops.\u00a0This community together with its environment functions as a unit.\u00a0All ecosystems are open systems in the sense that actionable information is transferred in and out.\u00a0When I look at the large companies with an information security focus such as EMC, Symantec, CA, IBM and Cisco non-inclusively, I find many of the components of a risk-based ecosystem.\u00a0Unfortunately, the ecosystems as delivered are highly dysfunctional.\u00a0There is little integration amongst members of the ecosystem as offered by these companies.\u00a0Purportedly, they are moving that way.\u00a0In fact, Art Coviello indicated at the RSA Conference that there would be no standalone security companies within 3 years.\u00a0I welcome that but have worries surrounding the stifling of innovation and wonder what that statement really means since I\u2019m a bit slow on the uptake. So, will the large Pac-Man-like players focus on acquisition to meet that goal or will they actually start to integrate the tools? \u00a0Can they sustain both?\u00a0I think they will try but one will suffer and that is usually integration.\u00a0I want full integration sooner not later so I can manage all members of the risk-based ecosystem with one console and aggregate all the data in one database.\u00a0I want to reduce the number of vendors I deal with and establish strategic partnerships with a few visionary innovators.The other issue I have is what they are requiring me to do today and in the foreseeable future. That is to deploy more hardware, more software, increase my implementation timeframes, train and re-train staff, and wait for several months if not years before I can bleed the functionality out of the ecosystem members.\u00a0This increases my cost basis and continues to feed the outdated, outmoded beast of continued hardware and software installations, maintenance, upgrades, patches, and management\/staffing requirements since the ecosystem is dysfunctional.\u00a0As a matter of fact, it cannot even be considered an ecosystem.\u00a0In most cases, it is a hodgepodge of tools, appliances, servers, databases with different consoles, separate databases, and in some cases completely different operating units managing the tools.Is there a model that can remove my costs and serve as the risk-based ecosystem I so desperately seek? I place my bets on the Software as a Service model as the antithesis to the large, cumbersome hardware and software deployments, management, maintenance, and general daily care and feeding.\u00a0As long as the data is secure in transit, in storage, in processing, why do I care where the infrastructure is deployed and managed?\u00a0I won\u2019t have to manage any of it but mine the data and, my implementation timeframes should shorten significantly.\u00a0Who is going to take me to the risk-based ecosystem I seek?