Identifying critical change control failure points in your infrastructure can help reduce the threat of costly downtime, potential security breaches, and compliance weaknesses. Read this paper for guidelines on how to identify and categorize systems that have characteristics which heighten risk.
IIIIIdddddeeeeennnnntttttiiiiifffffyyyyyiiiiinnnnnggggg CCCCCrrrrriiiiitttttiiiiicccccaaaaalllll
CCCCChhhhhaaaaannnnngggggeeeee CCCCCooooonnnnntttttrrrrrooooolllll
FFFFFaaaaaiiiiillllluuuuurrrrreeeee PPPPPoooooiiiiinnnnntttttsssss
There are key systems in every infrastructure where un- created an audit weakness, which could result in restatementapproved change poses significant business risk. The of financials. Ericsson identified their ERP systems running onbusiness risk can be outage, integrity of operations, security Windows NT as critical because of the fragile nature and highand audit weaknesses. risk of outage. In summary, each of these companies haddifferent business risks, all of which are related toWhat are examples of such systems? The table below shows unapproved change.critical change control failure points identified by companiesin various industries: For instance, Los Angeles World So how do you identify systems within your infrastructure asAirports (LAX) identified servers housing the database that key change control failure points? A great starting point is tocontrols access to various areas of the airport as critical. If look at various categories of systems that haveunapproved changes were made to these machines, it would characteristics which heighten risk. The following sectioncompromise the integrity of the airport operations and provides some categorization guidelines that Solidcorepotentially the safety of passengers. Network Appliance customers have used to identify their critical change controlidentified their Siebel systems because unapproved changes failure points.
WWWWWhhhhhooooo WWWWWhhhhhaaaaattttt WWWWWhhhhhyyyyy
Servers hosting WebEx meetings Critical to customer SLAsglobally
Transaction processing infrastructure Critical to maintain integrity offinancial transactions
ERP systems on Windows NT Fragile systems where any changeposes an outage risk
Physical access control systems Critical to airport security andpassenger security
Siebel order processing systems Critical for revenue and to avoidcompliance audit weaknessIdentifying Critical Change Control Failure Points
Critical Change Control Failure Points . Production control on factory Windows NTfloorsSystems with Large Fan Out . Legacy ERP systems. Many other applicationsThese are servers on which a lot of machines depend. If theywere to go down, a large number of machines would not be Communication Systemsable to operate. Examples include: Communication outages can bring most organizations to a. Root DNS complete halt:. Active Directory Servers Citrix . Domain Controllers Server . Email. Citrix Presentation Servers . Blackberry Exchange / Lotus. Virtualized Host Operating . VoIPSystems BlackberryDifficult to ServiceCascading Changes These machines are difficult to service and cost more to A local change propagates automatically through the support as a on-site technician is required. In addition peopleinfrastructure. Examples include: at distributed locations can make often make changes withless scrutiny. Systems include:. AD/DNS: Auto-replication Active Directory / DNS:Changes propagate propagates mistakes quickly . ATMs. Production/Disaster Recovery: . Retail POS Retail POSauto-sync can bring down both : . Medical Imaging Devices HHoossppiittaall . Network: Routing changes EEqquuiippmmeennttpropagate quickly; Line of Revenue. Any clustering solution Systems which are in the path of revenue for the company.Access Control Systems For example: Web Fulfillment/CRMSystems which control access to either the network or the . E-commercephysical facilities including: . Order fulfillment etc.. Servers providing a hosted. Checkpoint firewalls on Sun/ service for customersLinux Boxes Perimeter Firewalls. ISA/Windows Firewalls Complex Business Systems. Physical Access Badging Access /BadgingDatabases Systems running database based SAP Configuration(SAP) or j2ee business applicationsLegacy Systems have complex configurations.Changes to these configurations canSystems running fragile legacy applications where any cause downtime and bring businesschange, including OS patches could cause an outage. In use to a halt.across many enterprises forIdentifying Critical Change Control Failure Points
About Solidcore SystemsBenefits of Categorizing Systems by Business Risk Solidcore is a leading provider of changeCategorizing systems according to business risk p... [download for more]
