The system must understand and articulate the origin and nature of the disruption. Security sensors provide the knowledge and understanding necessary to warn enterprises of impending disruptive states.
Once the management state is recognized as "disrupted," action must be taken in a controlled fashion with the goal of returning the system to its normal state. The control phase provides the rules of execution and the instructional intelligence that the infrastructure must follow during the act phase.
During the act phase the infrastructure must respond to the disruption in a way that restores it to a normal or “safe” state. Act phase activities include many of the same tasks that are undertaken during the normal state but with an increased focus on the speed and reliability in which they occur. As an example, security patches must be deployed quickly without disruption whereas the normal process of upgrading operating systems and applications are typically done as a normal course of change management. While security patches are being planned and deployed the enterprise is vulnerable to damage.
Systems and data recovery is another example of similar processes being executed in the normal and disrupted state. Traditional backup systems back up data during normal operations but they very seldom focus on processes that will allow a recovery within the window required by most disruptive events. Since many normal and disruptive state management tasks are similar, it is logical to conclude that if we architect for the disruptive state we will also realize improvements in the responsiveness of the normal state management tasks.
It is important to recognize the enterprise-wide scope of managing in the normal and disrupted state. During the transition phase the management software must be capable of connecting to and managing the entire computing environment. This environment includes servers, network devices, desktops, laptops and handheld devices in both wired and wireless environments.
Consider three key pain points often highlighted during CIO discussions.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.