Monday, July 25, 2005

Managing the managers


NETWORK WORLD NEWSLETTER: BILL HELDMAN ON NETWORK/SYSTEMS
MANAGEMENT
07/25/05
Today's focus: Managing the managers

By Bill Heldman

Vendors with extant systems management implementations such as
Marimba, Unicenter, OpenView or SMS have found considerable
success in the monitoring and remediation of systems through
automated software distribution.

This ability is especially useful for continuously monitoring
the various software manufacturers for vulnerability and
system-patch updates, automatically downloading them and
applying them. This so-called "level-setting" of the enterprise
has bearing upon business service management and speaks to
ITIL's best-practices recommendations.

Even though these systems management tools have brought us much
closer to systematic and timely across-the-board updating, it
seems there is still a gaping hole - one that has enormous cost
and security implications if left unchecked. Consider: An end
user, not in IT but with technical talent, gains administrative
access to the local computer (freely given out in many
organizations, but easily acquired even in those shops that
closely guard such things) and simply downloads and installs
whatever software he thinks he needs. Or how about this: Basic
end users download and install a variety of "free" software
packages, some innocuous (such as WebShots - doubtless one of
the most popular free downloads on the Web), some loaded with
potentially damaging adware and spyware.

Now suppose that the internal applications development
department, responsible for a wide array of important internally
developed business applications, writes an update or patch for a
given system - one of the many patches or updates that systems
managers readily push out to users with systems management
software distribution techniques. But the update has flaws.
Perhaps it overwrites key system DLLs or accidentally updates
the wrong registry key, bringing systems to a halt or making
them completely unreliable.

All of the above scenarios, and others, point to the fact that
while the IT organization can somewhat control rogue
installations of software through policies, and enterprise
installations of software can be managed through high-quality
systems management tools, at the end of the day changes in most
environments can slip through without any IT person's awareness.

The implications should not be lost on any IT manager. The
potential for the introduction of security vulnerabilities,
coupled with the need to physically remediate the machines using
expensive IT technician support, is quite evident. It is
precisely this provocative gap that needs to be filled. Clearly,
there has to be some sort of watchdog able to automatically
handle such incidents and report back to IT stakeholders.

In the human world, there are those in the business of
monitoring IT projects being undertaken by contractors on behalf
of a given IT entity. The term given to this monitoring effort
is independent validation and verification (IV&V). For example,
a state agency where I recently worked is using a company called
SysTest for IV&V while Avanade rewrites a critical state-related
service application. SysTest "red-flags" areas in which either
the agency or Avanade has an issue, and has tremendously helped
with the forward movement of the service application.

This same IV&V idea exists in software automation designed to
act as an ancillary component to conventional systems management
tools. Two companies in this area, Reflectent and Tripwire,
specialize in watching systems - that is, servers and desktops
(and in Tripwire's case network gear as well) - for unauthorized
and unexpected changes. While neither package actually fixes the
problem, they both alert IT.

The advantages are obvious and, from the perspective of total
cost of ownership and security, tremendous. In the application
development department example above, the error could be pointed
out well before it causes an enterprise-class problem, and it
gives IT the chance to come up with ways to remediate the issue.
Finger-pointing frequently takes place and sucks valuable cycles
away from problem determination and resolution. IV&V software
dramatically reduces this phenomenon because it precisely points
to the source of system problems.
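
The check described above, sketched as an added example: it is not code from
the newsletter and does not represent how Reflectent or Tripwire work
internally. It compares a baseline of file hashes with the current state and
with a manifest of approved changes. The file names, contents and manifest
format are constructed assumptions.

```python
import hashlib, os, tempfile

def snapshot(root):
    """Map each file's relative path to the SHA-256 of its contents."""
    state = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                state[rel] = hashlib.sha256(fh.read()).hexdigest()
    return state

def classify(baseline, current, approved):
    """approved maps path -> hash expected after the change (None = approved removal)."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old == new:
            continue  # no drift on this path
        kind = "added" if old is None else "removed" if new is None else "modified"
        if path not in approved:
            verdict = "unauthorized"  # nobody signed off on touching this file
        elif approved[path] == new:
            verdict = "authorized"    # change landed exactly as approved
        else:
            verdict = "unexpected"    # approved change, but the result differs
        findings.append((path, kind, verdict))
    return findings

def demo():
    """Constructed scenario: a pushed patch clobbers a shared DLL; a user adds freeware."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        write("app/billing.exe", b"v1")
        write("system/shared.dll", b"vendor build")
        baseline = snapshot(root)
        approved = {"app/billing.exe": hashlib.sha256(b"v2").hexdigest()}
        write("app/billing.exe", b"v2")             # the intended update
        write("system/shared.dll", b"patch build")  # side effect not in the manifest
        write("freeware/toolbar.exe", b"adware")    # user-installed software
        return classify(baseline, snapshot(root), approved)

if __name__ == "__main__":
    for finding in demo():
        print(*finding)
```
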

No organization should consider its change management paradigm
complete until it has implemented some sort of automated IV&V
monitoring that is able to spot those unauthorized and
unexpected changes - especially for those hard-to-find but
pervasive changes that are so common throughout the computing
world.

As always, I would love to hear your ideas and input.

_______________________________________________________________
To contact: Bill Heldman

Bill Heldman is an Analyst with Enterprise Management Associates
in Boulder, Colo., a leading market research firm focusing
exclusively on all aspects of enterprise management software and
services. Bill has more than 14 years of experience working with
distributed systems, applications and networks. His current
focuses at EMA are desktop, applications, systems and services
management, configuration change management, enterprise
application integration, performance and capacity planning,
software distribution and licensing, virtualization and Web
services. Email <mailto:bheldman@emausa.com>

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Copyright Network World, Inc., 2005
