A holistic approach to securing the enterprise

The continuance of malicious computer attacks has made security a key topic in almost every boardroom and IT oversight committee. Most IT departments accept that routine updates to software operating environments are a necessary part of managing systems.

It's also not hard to convince the IT professional that the protection of data assets forms the foundation of recovering from a disruptive event. But very seldom do we think of systems and storage management as part of a seamless and holistic approach to securing the enterprise.

Considering the rate at which vulnerabilities show up at our doorsteps and the speed at which they can be exploited, we need to rethink how these three management environments should be leveraged. After all, the only truly secure infrastructure is a managed infrastructure.

The job of managing and securing a corporation is complex, and it is complicated further by loosely integrated software that attempts to automate the normal operations of the enterprise. The processes involved include firewall management, virus definition updates, data backup, application updates, disaster recovery, storage provisioning and patch installation, to name a few.

However, in today's heavily exploited environment, security, systems and storage management must work effectively under what are called normal state and disruptive state conditions.

The disruptive state

When a company enters a disruptive state, the entire enterprise goes into a lockdown. IT departments identify the threat, determine the vulnerabilities, plan corrections and wait for an exploit. The entire enterprise holds its breath. The IT organization works long hours to secure servers, desktops, laptops and, most recently, handheld devices.

This "proactive security system" must rely on the underlying infrastructure to take action and remediate the disruption. Let's look at it in terms of phases.

Understanding phase: The system must understand and articulate the origin and nature of the disruption. Security sensors provide the knowledge and understanding necessary to warn enterprises of impending disruptive states.

Control phase: Once the management state is "disrupted," action must be taken in a controlled fashion to return the system to normal. The control phase provides the rules of execution and the instructional intelligence that the infrastructure must follow during the next phase, the act phase.

Act phase: During this phase, the infrastructure must respond to the disruption in a way that restores it to a normal, or "safe," state. The act phase activities include many of the same tasks performed during normal conditions but with an increased focus on the speed and reliability with which they occur.

For example, security patches must be deployed quickly and without disruption, while the process of upgrading operating systems and applications is typically done in the normal course of change management. While security patches are planned and deployed, the enterprise is vulnerable to damage.

It's important to recognize the enterprisewide scope of managing in the normal and disrupted state. During this transition, the management software must be capable of connecting to and managing the entire computing environment, which includes servers, network devices, desktops, laptops and handheld devices in both wired and wireless environments.

Consider three key pain points often highlighted during CIO discussions:


The challenge of migrating and building systems at the rate of arrival of new operating systems has become so difficult that some CIOs see it as a career-threatening event. The process involves first determining what, exactly, is on every machine in the enterprise, setting the standards for a new operating environment, preparing that environment for deployment and finally deploying the change.

The whole process takes so much manual activity and expertise, and can be so difficult, that many organizations have yet to migrate to Microsoft Corp.'s Windows XP, since a new Windows environment is already inevitable with Microsoft's Longhorn.

Patch remediation

The ability to completely patch and configure machines is a big problem, primarily because the threat landscape evolves more quickly than the patch process can update the software.

Viruses such as Sasser and Blaster are proof that virus writers will continue to exploit vulnerabilities. Sasser was released into the wild less than three weeks after Microsoft announced the vulnerability it exploited. The window of opportunity in which IT can react to vulnerabilities continues to decrease.

Protection and recovery

It goes without saying that data should be protected, but organizations should also have a backup and disaster recovery plan that will help them recover in the event of a successful attack. Data recovery has become a heightened concern -- because the rate of attacks is increasing, the probability of having to recover is higher.

Additionally, the accuracy of financial reporting, the privacy of personal information, security and other process certifications are becoming the personal responsibility of executives. This level of infrastructure accountability is driven by regulations, such as the Sarbanes-Oxley Act, HIPAA and the Federal Information Security Management Act. The scope of recovery solutions must include desktops, PDAs, servers and laptops and must have recovery times that are measured in minutes.

Ideally, an organization should have a modular suite of applications involved in managing the transition from normal to the disruptive state and back again in a controlled and safe manner. The application strategy has five parts:

Installation design: A virtual design environment that simplifies the creation of installation and recovery packages. The goal is to improve and reduce the effort required to create an installation environment.

Software provisioning and delivery: A centralized delivery environment that automates the local and remote installation of computer operating environments.

Patch management and help desk operations: Local and remote operations that assure that software is up to date and automate problem management.

Asset management: Autodiscovery, inventory, software usage and license monitoring, plus disposal, repurposing and reporting are elements of the asset management used by most of the applications in this set.

Protection, recovery and archive: A hardware-independent, local and remote automated backup, recovery and archive environment. IT needs to be able to get back up and running in a short period of time.

A holistic strategy will allow IT organizations to become more efficient, which will give IT staffs more time to focus on important projects rather than having to deal with urgent security issues. By involving all relevant IT and management groups working toward the common goal of securing the enterprise, the solution becomes fully integrated rather than fragmented.

By implementing a scalable, platform-independent architecture that addresses security, storage and systems management, IT will find it much easier to stay on top of that checklist.

Don Kleinschnitz is vice president of product delivery for Symantec's enterprise administration business unit. He joined Symantec in December 2003 as part of the acquisition of PowerQuest, where he was chief technology officer and senior vice president of storage products. He worked for 24 years at Storage Technology, where he was involved in product strategies for open systems and SAN storage markets.
