Search This Blog

Wednesday, August 31, 2005

Security, compliance and management converge

NETWORK WORLD NEWSLETTER: SCOTT CRAWFORD ON NETWORK/SYSTEMS MANAGEMENT
08/31/05
Today's focus: Security, compliance and management converge

Dear security.world@gmail.com,

In this issue:

* What the convergence of security, compliance and management
  means
* Links related to Network/Systems Management
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by HP
FROM THE NETWORK CORE TO THE NETWORK EDGE

Traffic management becomes critical as your network
infrastructure expands to support different types of traffic and
users. Most traffic management solutions have serious
limitations: too expensive, difficult to use, and overly taxing
on bandwidth. However ProCurve Networking by HP addresses these
requirements, overcomes the limitations of other solutions, and
gives you valuable insight into LAN performance.
http://www.fattail.com/redir/redirect.asp?CID=111652
_______________________________________________________________
TROUBLE IN PARADISE?

As technologies such as VoIP emerge to advance networks, many
believe the tools to manage them are falling behind. Traditional
management software models simply can't keep up with the rate of
real-time change that today's applications sustain. Is there a
solution pending or should network managers rely on their own
innovations? Click here:
http://www.fattail.com/redir/redirect.asp?CID=111607
_______________________________________________________________

Today's focus: Security, compliance and management converge

By Scott Crawford

The convergence of security, compliance, and management has
become a significant area of focus for Enterprise Management
Associates.

On Sept. 8, I'll be hosting an EMA Webcast that takes a look at
some of the ways this convergence is shaping the managed
enterprise (more information about that below). Until then, let
me whet your appetite for this event by giving you some examples
of why this trend is something the enterprise should know more
about.

Beyond the core benefits of centralization and automation are
even more significant ways in which security, compliance, and
enterprise management combine to provide maximum value. Using
tools such as vulnerability management to inform and define
software management priorities, for example, has revolutionized
many approaches to systems management.

More recently, we've seen security management tools increasingly
integrate remediation functionality themselves. This represents
the logical next step in their evolution, since closing gaps
completes a lifecycle approach to security and compliance
management.

However, when this task touches on business-critical
functionality, it is not something undertaken lightly. Patch
management is perhaps the best-known example of this - but that
raises the thorny issue of automating systems reconfiguration in
response to a security event. No one wants to be responsible for
deploying the "Mother of All Denial-of-Service Vehicles"!

Because of these and other factors, we are seeing three primary
ways in which security and compliance are converging with
management.

First, when security and compliance issues are central, or when
security and compliance products have a more mature concept of
the relevant issues, they are best positioned to directly manage
critical functionality themselves. Identity-based access
management fits into this category - but increasingly, so do
emerging tools like policy management systems that address a
wide range of policy-dependent issues.

Second, when there is compatibility between security and
compliance tools and enterprise management, remediation may best
be negotiated between their respective strengths. This is the
meeting ground of evolving integrated products such as endpoint
compliance enforcement systems, and next-generation security
event management systems.

Third, when an enterprise management product has principal
responsibility for critical functionality, extending its
capabilities in security and compliance management may make the
most sense, particularly when it adds to the return on
investment of the management product and reduces the need for
other security- or compliance-specific expenditures.
Configuration and change management software is an example of
this group, which can be further enhanced with greater
integration of identity-based controls.

We'll go into a lot more detail on these topics and even more
examples on Sept. 8 at 4 p.m. Eastern/1 p.m. Pacific. I invite
you to join us for this event by registering here
<http://www.emausa.com/ema_lead.php?ls=securityNWW0905>.

Next week in this space I'll talk about some of the gaps in this
trend, which will give you an idea of what to look for in the
new and emerging ways in which security and compliance are
converging with enterprise management.

The top 5: Today's most-read stories

1. 2005 salary survey <http://www.networkworld.com/nlnsm3898>

2. Google dives deeper into networking
<http://www.networkworld.com/nlnsm6209>

3. Cisco aims to simplify switch mgmt.
<http://www.networkworld.com/nlnsm6210>

4. VoIP season about to heat up
<http://www.networkworld.com/nlnsm6211>

5. A proposal for governing the 'Net
<http://www.networkworld.com/nlnsm6212>

Today's most-forwarded story:

VoIP rollouts generate heat, power concerns
<http://www.networkworld.com/nlnsm6213>

_______________________________________________________________
To contact:

Scott Crawford, CISSP, is a Senior Analyst focused on IT
security, systems and application management with Enterprise
Management Associates in Boulder, Colo., an analyst and market
research firm focusing exclusively on all aspects of enterprise
management systems and services. The former information security
chief for the International Data Centre of the Comprehensive
Nuclear-Test-Ban Treaty Organization in Vienna, Austria, Crawford
has also been a systems professional with the University Corporation
for Atmospheric Research as well as Emerson, HP, and other
organizations in both public and private sectors. He can be
reached at scrawford@enterprisemanagement.com
_______________________________________________________________
This newsletter is sponsored by HP
FROM THE NETWORK CORE TO THE NETWORK EDGE

Traffic management becomes critical as your network
infrastructure expands to support different types of traffic and
users. Most traffic management solutions have serious
limitations: too expensive, difficult to use, and overly taxing
on bandwidth. However ProCurve Networking by HP addresses these
requirements, overcomes the limitations of other solutions, and
gives you valuable insight into LAN performance.
http://www.fattail.com/redir/redirect.asp?CID=111652
_______________________________________________________________
ARCHIVE LINKS

Archive of the Network/Systems Management newsletter:
http://www.networkworld.com/newsletters/nsm/index.html

Management Research Center:
http://www.networkworld.com/topics/management.html
_______________________________________________________________
FEATURED READER RESOURCE
VoIP

For the latest in VoIP, check out NW's Research Center on this
very topic. Here you will find a collection of the latest news,
reviews, product testing results and more all related to keeping
VoIP networks performing at their best. Click here for more:
<http://www.networkworld.com/topics/voip.html>
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.subscribenw.com/nl2

International subscribers click here:
http://nww1.com/go/circ_promo.html

_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>

To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>

Subscription questions? Contact Customer Service by replying to
this message.

This message was sent to: security.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>

Copyright Network World, Inc., 2005

No comments: