Integrity control takes stage

Communications News,  March, 2004  by Tom Camden

• E-mail
• Print
• Link

Limited resources, high rates of configuration change, growing system diversity and increasing security risks have made the challenge of managing large numbers of distributed computers a difficult IT scenario. One technology-called integrity control or intelligent configuration management--can "see" the state of computers from a central point and proactively reach out and conform the integrity of computers to the desired configuration.

This current lack of control is the result of distributed computing technology racing ahead of the required control technology over the past 20 years. The journey from 1980 to the present has left the global IT community in a much--degraded circumstance, with computers placed in true minute-to-minute, mission-critical roles in virtually every major industry in the world.

The need to maintain the integrity of the functions of these systems is high, and the consequence of the loss of integrity is immediate. The mainframe computer has been replaced with thousands of distributed computers, but the larger, dedicated staff managing those computers is only able to exercise limited change control and often can not tell if computers are on or off, let alone the state of functional integrity across all the systems.

With the barrage of hacker attacks being conducted daily throughout the world, the environment is no longer an issue of neutral chaos vs. the preservation of a complex set of integrity control requirements. Instead, it has become significantly more hostile, with attacks quadrupling over the last four years. What is seen today are rising management concern about the risk of critical functions being performed by computers and rising costs associated with managing computers.

Integrity-control technologies can proactively sort through hundreds of thousands of configuration attributes in a population of computers, enabling the administrator to quickly identify undesirable situations, and then reaching out upon command to enforce target configuration states. A key area of knowledge to build now is the desired configuration baseline that makes sense, such as:

* security policies that your organization has in place or should put in place;

* production-quality standards or audit requirements:

* production risks that are most likely to jeopardize organizational excellence; and

* ways to reduce unnecessary support effort via proactive configuration measures.

Capture these considerations in one place and rank them by their impact on your organization's mission or business. Then identify the nature of risk being addressed and the possible cost or consequence of integrity failure.

The next step is to assess one of the integrity-control technologies available on the market today. Target a specific result that should be accomplished in the initial implementation of the technology. Some vender shave auxiliary products that track configuration baseline dynamics and can be used to demonstrate project progress.

Integrity-control technologies also can provide detailed change histories over time that help administrators see where they have been. Every anomaly and every deviation from the baseline is visible and recorded so that it, along with the resulting action taken, will contribute to the knowledge base of how to manage these systems in the future. The administration team will become more aware of changes as they occur, learning to identify and respond to potential problems before something goes wrong, instead of afterward.

Integrity-control techniques can also help establish disaster-control or business-continuity plans. Assuring that backup systems are accurately tracking the primary production systems as they continue to change can be accomplished as a by-product of applying integrity control to the primary systems.

Finally, the current security posture can be shown in concrete terms. Integrity control is one security improvement an organization can make that can reduce costs-because production and security benefits can be achieved with the same stroke.

For more information from Westinghouse: www.rsleads.com/403cn-262

COPYRIGHT 2004 Nelson Publishing
COPYRIGHT 2008 Gale, Cengage Learning