New Data Center Strategies Newsletter [1] By John Burke [2], Network World, 02/20/07
There’s good news and bad news about data center security, according to Nemertes’ just-published “New Data Center” benchmark.
First, the good news. Almost 80% of enterprises (both large and small) have a data center-specific security policy defined, and of those with policies, more than 80% regularly test compliance with them.
The bad news: Regarding operational security monitoring, the picture’s not so rosy. Although everybody engages in some level of system logging (whether solely for security reasons, or in support of regulatory-compliance efforts as well), fewer than 30% of companies log all systems, and fewer still collect the logs at a central location for review and analysis. In fact, most logs are left in place and never reviewed except in the heat of a crisis, or worse, in the aftermath. IT has been letting sleeping logs lie (sorry!), hoping they won’t bite when they wake.
That’s not acceptable. Security and compliance are increasingly high-profile in most enterprises, as we’re finding in the current benchmark on Security and Information Protection, and letting sleeping logs lie isn’t going to cut it. The key thing that has to change is for enterprises not just to gather but also to use the logging information.
Specifically, they need to analyze it and to correlate it across systems. They also need to integrate information from other tools such as network and system monitors, policy managers, and trouble-ticketing systems.
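To make the "correlate across systems" point concrete, here is an added illustration (my own code, not from the newsletter or the Nemertes benchmark) using constructed SSH authentication lines as they would arrive at a central collector. Each host on its own sees too few failures to alert; only the aggregated view reveals one source working through several machines. The host names, addresses, and the three-failure threshold are invented for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: failed-login lines from several hosts as collected centrally.
# No single host records more than two failures from 198.51.100.7.
CENTRAL_LOG = """\
2007-02-20T09:00:05 web01 sshd: Failed password for admin from 198.51.100.7
2007-02-20T09:00:41 web01 sshd: Failed password for admin from 198.51.100.7
2007-02-20T09:01:12 db01 sshd: Failed password for admin from 198.51.100.7
2007-02-20T09:01:55 db01 sshd: Failed password for root from 198.51.100.7
2007-02-20T09:02:30 app02 sshd: Failed password for admin from 198.51.100.7
2007-02-20T09:03:10 app02 sshd: Accepted password for alice from 203.0.113.9
2007-02-20T09:30:00 app02 sshd: Failed password for alice from 203.0.113.9
"""

LINE_RE = re.compile(r"^(\S+) (\S+) sshd: Failed password for (\S+) from (\S+)$")

def parse(log_text):
    """Yield (timestamp, host, user, source_ip) for each failed-login line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), m.group(4)

def per_host_alerts(log_text, threshold=3):
    """What a host-local review can see: failure counts per (host, source) pair."""
    counts = defaultdict(int)
    for _, host, _, ip in parse(log_text):
        counts[(host, ip)] += 1
    return sorted(k for k, n in counts.items() if n >= threshold)

def correlated_alerts(log_text, threshold=3, window=timedelta(minutes=10)):
    """Central view: one source failing against >= threshold distinct hosts within a window."""
    events = sorted(parse(log_text))  # sorts by timestamp first
    by_ip = defaultdict(list)
    for ts, host, _, ip in events:
        by_ip[ip].append((ts, host))
    alerts = []
    for ip, hits in by_ip.items():
        # Sliding window anchored on each failure, counting distinct target hosts.
        for i, (start, _) in enumerate(hits):
            hosts = {h for ts, h in hits[i:] if ts - start <= window}
            if len(hosts) >= threshold:
                alerts.append((ip, tuple(sorted(hosts))))
                break
    return alerts
```

Run per_host_alerts and correlated_alerts on the same sample: the first returns nothing, the second flags 198.51.100.7 against all three hosts.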
Unfortunately, as a stroll around the recent RSA Conference [3] floor illustrated all too well, enterprise security is in the same position as enterprise systems monitoring and management generally: awash in point products that don’t integrate (or not well). That means IT executives need to look in dozens of places to find things out.
What IT executives need instead are tools that are able to work together, especially tools that function as a central aggregation point for displays and alerts. In other words, what’s required is a security console that can act as a single pane of glass for security tools of many types.
There are certainly products out there, from a variety of vendors, that are or try to be ready to serve in that position. Fewer, though, are ready to themselves be plugged into some other console, whether a general enterprise monitoring system or some other security manager.
Given the already disjointed nature of security management tools, this is far from desirable. Security staffers don’t want to have to keep adding places to look when monitoring enterprise security health.
What to do? For starters, vendors need to pay as much attention to “northbound” integration (implementing tools to meet the portlet standard and/or to feed information to other tools for display using an open Web-services integration model) as to “southbound” (letting information from other tools into theirs). IT executives need to put pressure on vendors to provide interoperability and integration.
And finally - enterprises need to stop letting sleeping logs lie. What you don’t know can hurt you.
Links:
[1] http://www.networkworld.com/newsletters/datacenter/index.html
[2] http://www.networkworld.com/Home/jburke.html
[3] http://www.networkworld.com/news/2007/rsa07-hq.html