Central control: Let’s get it all together

Chris Pick outlines the pressures that are driving some organisations to integrate security and systems management

In the past few years, IT executives have redoubled efforts to reduce the ever-growing complexity and costs of distributed systems through infrastructure consolidation and better management control. In the boom of the late 90s, most IT activity was directed at deploying lots of new applications to stay competitive. In the post-boom hangover, many companies now find themselves regrouping to centralize control and get a better grip on managing a wide variety of computing resources. The simple economics of flat or reduced budgets and head count mean that IT operations have no choice - they must try to accomplish more with less.

In highly regulated industries, new laws have spurred efforts at streamlining and standardizing processes that not only meet audit requirements, but also can significantly improve efficiency at the same time.

Perhaps the most significant force behind the convergence of systems and security stems from increasing pressure on IT departments to support service level agreements and provide a way to display alignment of IT performance with business goals. According to Gartner, "business service management" represents a new breed of tools designed to document and relate IT activities with business needs and goals.

Some of the key elements of business service management include better visualization of how IT components contribute to business processes so that IT operations can focus on problems that have the most impact on the business. As IT management matures within an organization, there is a tendency to centralize management and consolidate functions that overlap. For systems and security, these functions include event management, configuration, patch and vulnerability management activities.

Until recently, systems and security management have usually been seen as separate disciplines. While large framework vendors paid lip service, in their "marketechture" visions, to security deeply integrated with the rest of systems and application management, this vision never materialized at a practical ops level.

Instead, security and systems management evolved into distinct areas with their own best of breed solutions that involved separate architectures, expertise, and consoles for management. Security focused on analysis while systems management gained prominence in operations. In most cases, security was considered secondary to maintaining performance and availability as companies pursued growth at all costs. New laws and regulations, highly visible worm and virus attacks, and 9/11, however, have transformed security from a back room to a boardroom issue.

In the past, integration was often an afterthought that began to gain more attention as systems and security became more complex and distributed. Today, most organizations are seeking a holistic view of the enterprise and are under pressure to lower total cost of ownership while making the most of limited staff and budgets. As a business service management perspective becomes more prevalent, we can expect that systems and security management will converge in ways that take advantage of potential synergies in key areas.

There are several areas where the convergence of systems and security management can make a big difference in improving efficiency and effectiveness across the enterprise.

As the number of security and systems monitoring consoles has multiplied, the job of managing events has become overwhelming for IT staff. A typical network operations center level 1 analyst may deal with hundreds (or even thousands in an inefficient monitoring environment) of systems and/or security alerts, often passing them on to a level 2 analyst, resulting in expensive, labor-intensive diagnosis and resolution. Consolidating both systems and security event information through automated "downstream suppression" can significantly reduce the administrator workload, allowing staff to concentrate on what is most important.

Exploit convergence

Besides consolidation, there are many areas of event management that can be exploited from a convergence perspective. Compound correlation of events would enable IT staff to manage the flood of events from monitoring tools more effectively by helping to identify problems that affect both systems and security. A common rule-set across both systems and security would allow administrators to replicate and scale management across a complex enterprise, helping to bring unity to monitoring and management activities. Finally, a common agent infrastructure for both systems and security monitoring tools would reduce overhead and streamline management operations.

Convergence can also create a more consistent approach across the organization. One of the biggest challenges facing IT operations is to securely build, deploy, monitor and patch multiple systems. There are typically several departments involved, each with their own methods that operate independently of one another. As systems grow more complex, the duplicative processes become labor-intensive and wasteful.

IT management is recognizing that common functions should be unified (or converged) through a change management and workflow process that balances the need for security with the goals of the business.

Systems and security management reporting is another area where convergence can yield significant benefits. Combined reporting can contribute to better service level management metrics and improved communication and accountability between IT and business units. The goal is to give C-level executives and business unit managers a control cockpit view that provides an ongoing, near real-time visualization of systems performance and security management.

At a more granular level, unified reporting can provide IT staff with a better picture of how systems are performing as well as guide change management processes and help in consistent application of configuration, patch, and vulnerability management.

Obviously, the road to taking advantage of converging systems and security management is not a super highway at present. IT and executive management professionals at all levels need to work together to overcome traditional barriers built up over the past decade.

In many cases, traditional systems and security roles and turf identification tend to foster separate silos of administration and management. This manifests itself in the typical "It's not my job" syndrome. IT professionals must assume a leadership role by looking beyond their formal functions and job definitions to gain a broader perspective and sense of customer value that IT can offer the organization as a whole.

Outside the box

Obviously, executive management commitment (IT and otherwise) to exploring convergence synergies can be a significant force in encouraging and rewarding thinking outside the traditional boxes that separate systems and security management. Business service management programs, for example, need to have specific objectives for exploiting convergence opportunities in the critical areas mentioned in this article.

Professional organizations and associations can also help by conducting research and helping to define convergence best practices for IT and business functions. These organizations need to develop professional education programs that recognize the importance of convergence benefits and celebrate the efforts of those individuals and organizations pioneering more effective systems and security management.

Finally, software and hardware vendors need to improve their tools and services with an eye towards automating the key processes of event management, policy compliance and enforcement, and consolidated reporting and visualization in order to foster and strengthen a "technology of convergence."

Part of a modular approach to building synergistic solutions comes from choosing tools that result in immediate value, measured in terms of days, not weeks, months or years. Consensus and cooperation among professionals can be built over time but results have to be measured and articulated as soon as possible to justify the investment. By choosing specific areas to address first and making sure solutions show rapid results, security and systems professionals can build and sustain momentum.

In redefining roles and responsibilities to take advantage of convergence opportunities, it's important to maintain proper checks and balances. By delegating the task of monitoring "acceptable use policy" compliance to an email administrator, for example, you can make enforcement of content security an ongoing operational task.

In effect, the administrator becomes a "security partner" in performing a crucial security function on a regular basis. Besides, giving the email administrator responsibility for content monitoring at the gateway is also an ideal way to ensure a separation of duties.

Not only does this arrangement keep any one individual from subverting security practices, it also satisfies recently enacted regulations that require a separation of duties between those responsible for developing security policies and those responsible for their administration and enforcement.

The pressures to do more with less and improve the cost-effectiveness of systems and security management mean that convergence is inevitable for most organizations. How smooth that road will be depends on how well both security and systems professionals approach the issue with an open mind and a willingness to assume responsibility.

Current lessons from the front lines indicate that convergence opportunities can be realized when obstacles are recognized and overcome based on an understanding of what is practical and achievable in the short term. The recommendations here are offered as a "first cut," intended primarily to help you understand the issues you need to manage as a professional to succeed in your job and deliver lasting value to your customers.

Chris Pick is vice-president of market strategy for NetIQ

Infrastructure "management portal" provides view into server world
For Joe Rogers, manager for Intel Server Engineering at a major pharmaceutical company, the convergence of systems and security management moved from the theoretical to the practical at a planning meeting two years ago when he volunteered to combine both as part of his responsibility.

He recently launched an infrastructure management portal initiative that illustrates how unified systems and security reporting can be leveraged to improve communication and service to business unit managers by the IT department.

With more than 400 servers under his care, Rogers faced a common challenge of knowing which applications were tied to specific servers so that problems could be sorted and dealt with according to business priorities.

"In the past, we would get a page that a server was down," Rogers recalls, "but it was difficult to know how important that server was and what business function it performed. Technicians that might be dealing with multiple server problems would simply walk into the data center and go to the nearest server. There was no way to judge the priorities of service."

Rogers and his team went through the process of first mapping applications to various business units and then listing all systems attached to those applications. He put the results into a database and produced spreadsheets that were shared with applications administrators. Rogers then built a unified console interface that presents event information collected from systems monitoring tools.

Everyone from application administrators to business managers now has a GUI that gives them a window into the server world. The infrastructure management portal interface can be organized logically with icons representing servers, application processes, lists of information or charts and diagrams.

"Now when there is a problem," Rogers notes, "the app administrator can use the portal to check the server or process instead of having us send out multiple staff to physically examine the server. This provides better insight and accountability. Plus, we can all do our jobs more efficiently and understand how we can work together more effectively."

Better communication helps to overcome turf issues
Krizi Trivisani, head of infosec at George Washington University (GWU), has demonstrated how one security professional can take the initiative to create better communications with an entire enterprise IT infrastructure and a host of end users - she organizes committee meetings every two weeks for all IT stakeholders.

The meetings encompass technology staff from every department at GWU, from library, law and medical schools to network engineers. Attendees can range from the CIO and executive directors to technology interns and system administrators.

"Everyone has a voice at these meetings," she emphasizes. "We discuss security projects and priorities and how we can all work together to ensure everyone gets the services they require with the proper security. The meetings are crucial in overcoming turf issues."

By meeting regularly, all IT stakeholders have a vehicle where competing interests for limited resources can be negotiated and processes for audit, oversight and implementation are co-ordinated.

Bringing the security IT staff into application development at an early stage, for example, helps to eliminate conflicts later on.

But there is no single 'Goliath' security or systems software solution. According to Trivisani: "We prioritize our security software purchases so we can make best-of-breed purchases that deliver the best bang for our buck." In many cases, security and systems professionals deal with independent islands of automation that evolve to create converging continents of better management. Looking for tools that deliver the best functionality with the flexibility to add capabilities as needed within the context of a plan makes the most sense for her organization.

Trivisani emphasizes the need to achieve small successes first and wait for the organizational culture to adjust to behaviors that foster better security and systems management. "You need to choose the initial battles you know you can win," she explains. "Once you gain your colleagues' confidence, you can get more aggressive in bringing together not just IT staff with different functions, but business unit or department directors as well."