Shawn McCarthy | Internaut: Automate security to fight automated attacks
- By Shawn McCarthy
- Oct 18, 2006
Shawn P. McCarthy
Is your agency automating its approach to security management? In most cases, automation could be the best way to ensure that security policies and procedures are standardized and properly implemented across a government enterprise.
Full security automation takes an agency far beyond automatic virus updates or firewall configuration. It's actually more of a business-process automation solution that allows agency managers to set specific standards for security then empower IT operations with a formal way to comply with all standards, regulations, policies and best practices. Mind you, security automation isn't the same as network operations management'it's a separate set of tools for business-process management and enforcement.
The need for such a solution has never been greater. Automated Internet attacks are pressuring agencies to properly configure servers, firewalls, services and applications. Many new system components are not properly configured out of the box, so they need to be reconfigured in a standardized way (which may differ from agency to agency). Moreover agencies need to address patch management and system upgrades in a universal way.
Meanwhile natural disasters and terrorist threats have prompted more agencies to configure their systems to include redundant data stores and backup operations. And let's not forget the risks associated with theft or loss of hardware, plus issues related to software licensing violations. Both make accurate asset management a key concern.
In many ways, enterprise IT security is no different than establishing and tracking maintenance rules for a fleet of vehicles, while at the same time keeping all those assets safe. It just takes a centralized resource.
An automated security management system should include several key features, including:
- Enterprisewide service desk capabilities to coordinate initial implementations, ongoing management and incident response.
- Identity management for both people and systems as they access a network or a physical space
- IT asset management
- Configuration management
Building on such a foundation, the business rules of an automated security management system can include ways to meet government-defined security standards, protection of privacy, secure access to data, security and protection of government IT assets, incident management rules and configuration management. The system should also include automated reports to help managers show their compliance and progress.
When your agency looks to roll out a security automation system, it's likely to explore Hewlett-Packard's OpenView solution; IBM's Tivoli suite (IBM recently acquired MRO Software for asset management and Micromuse Netcool for service management); CA's UniCenter enterprise management system; Altiris' suite of service-oriented management and compliance tools; and Microsoft's various software components for asset, security, identity and configuration management.
IT managers should also be aware of the IT Infrastructure Library. This widely accepted approach to IT service management is a group of best-practice recommendations that include common definitions and terminology for things like incident management, problem resolutions, change management, release and upgrade management, and service desk standards.
With a centralized automated security solution, agencies can fix what has become one of the largest headaches they face: standardizing their approach to security across an enterprise. Without such a solution, they are doomed to continue a piecemeal approach, which can be time-consuming and prone to mistakes.Former GCN writer Shawn P. McCarthy is senior analyst and program manager for IDC Government Insights of McLean, Va. E-mail him at firstname.lastname@example.org/a>.
Shawn McCarthy, a former writer for GCN, is senior analyst and program manager for government IT opportunities at IDC.