Organisations struggle to find the resources to maintain a balance between security and operations. But automated, integrated security management enables organisations to set up an immediate framework to monitor enterprise security and address all concerns in realtime, writes Ulrich Weigel, EMEA director of security management practice at NetIQ.
Automated and integrated security management opens up a plethora of opportunities by integrating existing and new security systems and software with strategic security processes and practices. Constantly changing hardware requirements, software changes and regulatory compliance make integrated security mission-critical for many organisations. Only integration gives organisations full visibility into what is happening on their networks and allows them to act accordingly.
But integration must follow the correct methodology that offers a united front of people, processes and technology.
That amounts to involving employees from each business unit in the process to secure an action plan to implement agreed on security systems and procedures. Secondly, it requires internal coordination of structures, roles, responsibilities and reporting relationships. Lastly, businesses must certify programmes, which entails each business unit deciding, within certain bounds, the timescale in which its responsibilities can be introduced.
That results in thoroughly amalgamated realtime intrusion detection, log archiving, analysis capabilities, forensic capabilities and fault tolerance with other benefits and features attached to specific products, such as Web-based access consoles. Every server, router, switch, firewall and appropriate application reveals its activities to this process for monitoring, reaction and proactive measures. It offers businesses a security central nervous system that allows technicians, managers and executives to interpret, correct and enhance smooth and stable operations.
Although this approach sounds as if it’s intended for large South African banks and insurance companies only, it isn’t. Regardless of the size of companies, they can derive the same basic benefits: clear visibility and the opportunity to take appropriate action. Those that need to comply with regulations only have a further need to employ this approach.
But how do they do it? The best way is to protect the investments they’ve already made. Integration is a common requirement today and best-of-breed tools exist to integrate most security solutions. It is imperative to ensure that all security solutions in organisations are integrated since it is critical to have all security information available.
Failure to do so, besides the legal ramifications of failure to comply with regulations, means reinventing the wheel. That’s costly and leaves companies reacting to security issues instead of proactively catering to them before they consume valuable IT dollars in fixes.
IT dollars are an increasingly rare commodity. Integrated security, if properly planned and rolled out, offers great return on investment (ROI). Loopholes are closed, communication barriers removed and processes employed for repeated actions. Ensuring that processes are transparent to all parties and that they understand them from their particular points of view allows them to employ the correct measures in reaching strategic business goals, again saving unwarranted expense.
Some pundits may suggest that good system administrators could take care of this problem without the need for automated systems, additional security solutions and the integration tools that may be necessary to link existing software into the loop. However, corporations sometimes work against themselves. Change processes and procedures prohibit rapid action. For example, missing patches cannot be installed because the ramifications to applications must first be investigated across the organisation. Without integrated security, that takes far longer than is necessary and often required, leaving corporate systems exposed.
Another strong argument in favour of integrated and automated security solutions is that the field becomes enormously complex. There are multiple operating systems to consider, applications abound, networks interconnect, files are spread across departments, divisions, businesses and geographies, databases are larger, more complex and geographically dispersed than ever before. Forget about maintaining a custody chain for audits. Even performing a simple log file correlation rapidly becomes tricky in such environments.
Integrating them is so critical because administrators, who have a higher priority in organisations today, cannot afford to miss information. Without centralised log file administration, it’s nigh impossible to manage them and removes the ability to conduct forensic analyses.
Information is the greatest threat to organisations today. Not having it, or having only partial information, has dire implications for organisational security and one of companies’ most critical assets – data. Automated systems are the only method for effectively bridging the gap between the multiplicity of solutions employed in modern corporations and the administrative guards that watch over them.
Administrators need a comprehensive solution consisting of several components. However, each solution will contain different components depending on its intended objective. But all security solutions should factor in the three pillars of people, process and technology, incorporating existing components and fostering tightly coupled integration. The critical question to answer when selecting components is: how can we sufficiently report the state of security without drowning in different types of reports, multiple Excel spreadsheets and non-updatable PDF documents? The biggest challenge is obtaining a reporting utility that allows integration of all key aspects and becomes a “role-based model” to give different people access only to appropriate information based on their role in the organisation.
Generally, solutions should contain the following components:
* Policy and process management;
* Systems management;
* Identity and access management;
* Incident and event management; and
* Process automation management to enable macro process handling and integration of IT runbooks.
Integrated solutions with those components will be both reactive and proactive. They will provide continually updated audit reports for compliance against regulatory standards, best practices or other criteria to ensure ongoing changes are tracked. They will detect and prevent changes to operating systems and applications if required. They will alert in realtime and give predictive warnings.
That meets the minimum baseline that all systems require and convergence of systems and security management will ensure that all important aspects of the IT lifecycle are covered.