It's also not hard to convince the IT professional that the protection of data assets forms the foundation of recovering from a disruptive event. But very seldom do we think of security, systems and storage management as part of a seamless and holistic approach to securing the enterprise. Considering the rate at which vulnerabilities show up in our computing environment and the speed at which they can be exploited, we need to rethink how these three management environments should be leveraged. After all, "The only truly secure infrastructure is a managed infrastructure!"
As the list below suggests, the administrative job of managing and securing the enterprise is complex and convoluted, with loosely integrated software that attempts to automate the normal operations of the enterprise.
- Firewall management
- Virus definition updates
- Data backup
- Applications update
- Software licensing compliance
- Vulnerability assessment
- Disaster recovery
- Storage provisioning
- OS upgrade & provisioning
- Archive policy
- File recovery
- Asset inventory & reporting
- Common operating environment policy
- Patch installation
What is a Disruptive State?
When an enterprise has entered a disruptive state it is a serious change in status, evidenced by the number of IT executives who are suddenly visible in meetings, phone calls and triage sessions. The entire enterprise enters a lockdown as the IT departments identify the threat, determine the vulnerabilities, plan corrections and wait for an exploit. The entire enterprise is holding its breath. The IT organization works long hours to secure servers, desktops, laptops and, most recently, handheld mobile devices. Often the more controlled process and management automations succumb to the deployment of individual experts to manually correct known problems and hunt for leaks in the infrastructure. The frequency, duration and damage that occur during disruptive states give rise to new challenges faced by IT management products.
Managing in the disruptive case requires that the management software be capable of managing through three basic transitional phases: understanding the disruption, controlling the transition and finally acting in a way that returns the system to the normal state. This Proactive Security System must rely on the underlying infrastructure to take action and remediate the disruption; therein lies the critical connection between security, systems and storage.
The system must understand and articulate the origin and nature of the disruption. Security sensors provide the knowledge and understanding necessary to warn enterprises of impending disruptive states.
Once the management state is recognized as "disrupted," action must be taken in a controlled fashion with the goal of returning the system to its normal state. The control phase provides the rules of execution and the instructional intelligence that the infrastructure must follow during the act phase.