|
Security breaches due to improperly configured systems are increasingly making the headlines. Data broker ChoicePoint recently shelled out $10 million to settle a class-action suit brought against them in late January of this year due to a data security breach. ChoicePoint not only suffered a huge financial setback, but also raised customer concerns over the safety of sensitive data with the organization. And at the University of California, Los Angeles, hackers gained access to 800,000 records containing personal information, such as Social Security numbers, of former and current students and faculty. Analysts say that 80–90 percent of security exposures are a direct result of improper configuration of servers and workstations. But how many IT Managers can honestly say that they know the configurations of systems across the entire IT infrastructure? To do so, they’d have to be proactively checking the state of all systems—a tedious, perhaps impossible task if done manually. But for the critical systems on a network, knowing the state of these systems can prevent security breaches from occurring and company information from being compromised.
The effects of a poorly configured IT infrastructure may not always make the headlines; they may cause disruptions to application services, theft of intellectual property, and other less publicized, but highly detrimental incidents. For example, improperly configured elements of virtual environments—especially the hypervisors—may open up security holes and severely impact application service delivery. Consider also that organizations have a 75 percent chance of experiencing an email outage that lasts for a significant period—outages often due to poor configurations that will severely limit communication and productivity. Clearly, securing the IT infrastructure and ensuring optimal performance and availability are at the top of the priority list for IT.
Equally high on this priority list is compliance; a priority that often overlaps with security and operations. A Q4 2006 survey by AMR Research showed that companies anticipate spending of $6.2 billion in 2008 on achieving compliance with Sarbanes-Oxley (SOX) alone, and an additional $3.3 billion on retaining documents and records for required proof of compliance with regulations in general.
Many organizations do understand that the elements of their IT infrastructure—the servers, virtual machines, hypervisors, databases, applications, and devices—must be properly configured to meet security needs, maximize operations, and meet compliance with relevant external regulations, standards and internal policies. These proper configurations get the data center or IT infrastructure into a “known and trusted state.” But how can IT achieve that state? And once they’ve attained a known and trusted state, how do they sustain it? A first step is that they recognize and understand the common barriers to getting the infrastructure into that state.
Barriers to a Known and Trusted State
If leaders of an IT organization were asked why achieving and maintaining the IT infrastructure in a known and trusted state is so challenging, most would mention the following issues.
The Ever-Changing Computing Landscape
The continuing pace of technology evolution makes the IT infrastructure of an organization just five years ago almost unrecognizable today. An increasing reliance on the Internet for not only communications, but also for services, makes it impossible to separate an organization’s technology from the outside world. As new technologies come off the production line, they’re rapidly put into play in the infrastructure. The mentality of “cheaper, faster, better” results in the lifespan of a server, device, application or other element in the data center getting shorter and shorter. Managing this revolving infrastructure requires IT to keep track of what IT infrastructure components they have, who is responsible for them, who can modify them, and their configuration state.
|
