Untitled Document
www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
02 October 2006  
Untitled Document
Sections

Market
Management
Technology
Technology Life
Columns

Between The Bytes

Events

Technology Senate
Technology Sabha
Specials

HMA Bankbiz
UPS Batteries

Services
Subscribe/Renew
Archives
Search
Contact Us
Network Sites
Network Magazine India
Express Hospitality
Express TravelWorld
feBusiness Traveller
Express Pharma
Exp. Healthcare Mgmt.
Express Textile
Group Sites
ExpressIndia
Indian Express
Financial Express

Untitled Document
 
Home - Technology - Article

Vendor Accent

On change management solutions

An automated change management solution can help an organisation remove the technical and operational boundaries that have existed between storage, systems and security management, writes Raymond Goh.

Downtime is becoming more painful for organisations. Consider this one statistic: according to Infonetics Research, large companies lose up to 16 percent of their annual revenue due to unplanned network downtime.

It’s no exaggeration to say that information is the engine of every enterprise’s business. And every enterprise confronts the challenge of ensuring that its information is always secure and always available. Maximising information security and availability is difficult primarily due to the diverse requirements that enterprises face each day, including fragmentation. Think of it: enterprises of all sizes need to support multiple devices, operating systems, applications and networks—all while providing everything from intrusion prevention, anti-spyware, policy compliance and virus protection to patch management, OS and application roll-outs, licence monitoring, and systems and data recovery. That’s a hefty agenda.

Factor in disruptions to business services, and the situation becomes even more complicated. Disruptions can be caused by a number of events, including operator error, power failures, poorly configured systems, and cyber attacks that exploit software vulnerabilities. What’s more, in today’s dynamic and uncertain business world, even many ‘normal’ or routine business operations—such as the deployment of new business applications or OS platforms—can be just as disruptive and costly to an organisation’s health as malicious attacks on its infrastructure.

Building an environment that is completely disruption-proof is impossible. Given the complexity of the IT environment and the heightened threat landscape (with its increasing vulnerabilities, sophisticated attacks, and exploits that are published before companies can complete patch testing), disruptions are certain to occur. And regardless of whether a disruption is planned or unexpected, every minute of disruption costs money and potentially puts a business at risk.

Be ready to respond

The key to eliminating or significantly minimising the effects of these disruptions is for organisations to take a holistic approach to systems, storage and security management in a way that creates a state of business capable of addressing planned and unplanned disruptive operations as well as rapid recovery from disruption.

  • Planned disruptive operations. In the normal state of IT operations, all servers, desktops, laptops and mobile devices must be constantly updated and configured to ensure that the environment is available and secure. So whether it’s a hardware refresh, new OS deployment, or just a service pack update, even the normal state of the enterprise entails change on a regular basis. Now consider an enterprise-wide OS upgrade. While such an event can be very costly and disruptive, it’s also considered normal. The process involves determining exactly what is on every machine in the enterprise, setting the standards for a new operating environment, preparing that environment for deployment, and then finally deploying the change.
  • Unplanned disruptive operations. Unplanned disruptions are characterised by a sudden interruption in the operational environment and an unplanned, unscheduled need to respond in order to restore normal operations. One of the best examples of an unplanned disruption is the discovery of a security vulnerability such as a worm or a blended threat. In all such instances, the urgent business requirement to recover to normal operations is the same.
    Of course, the activities that an IT department launches in response to an unplanned disruption are themselves disruptive to the normal operating state of the business and IT environment. Patch remediation, for example, represents an acute pain point for most organisations. The ability to completely patch and configure machines securely (e.g. close open ports and shut down unnecessary services) presents a large problem, primarily because the threat landscape evolves more quickly than the patch process can update the software. An average of 48 days exists between the release of an exploit and the release of an associated patch. During this time, systems are either vulnerable or administrators are forced to create their own workarounds to prevent exploitation.
    As disruptive as these prevention activities can be, however, more severe damage can occur if vulnerabilities are not eliminated faster than they can be exploited.
  • Rapid recovery from disruption. Even the most secure enterprise must have a back-up and disaster recovery plan which enables it to recover successfully in the event of an attack or other operational disruption. The need for such infrastructure stability has received additional impetus lately as a result of a growing number of regulations, including Sarbanes-Oxley, HIPAA, FISMA, and Basel II. Executives are now personally responsible for ensuring that IT processes are properly implemented. Such developments point to the need for automated data back-up and disaster recovery.

Automation is the key

By now it should be clear that an organisation must ensure that the security, systems and storage management elements of its infrastructure perform successfully not only during normal conditions but also during any disruption. That’s why organisations are increasingly turning to an automated change management solution to restore their systems within minutes when a disruption occurs. Such a solution can discover, provision, configure, patch and recover client devices throughout an organisation, including laptops, desktops and handheld devices. It automates manual IT processes and transforms them into unattended operations that can be performed on multiple systems simultaneously. As a result, IT administrators can quickly discover all hardware and software assets across a network, as well as understand and analyse their current states in order to apply proper IT controls and policies.

An automated change management solution also recognises that it’s not always practical for an IT administrator to physically touch an affected system. Instead, many activities—such as reconfiguration, recovery and reprovisioning—need to be handled by remote control. This is a critical component of any automated change management solution.

Overall, an automated solution enables organisations to manage and protect the state of their business operations with greater ease, efficiency and effectiveness—and without hiring additional IT personnel.

The author is Regional SE Manager, Asia South, Symantec Corporation.
He may be contacted at raymond_goh@symantec.com

 


UNSUBSCRIBE HERE
Untitled Document
© Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.