There are many short-hand ways that industry observers use to characterize our times. Familiar examples include terms like “Internet Age.” We are also aware of the impact of multiple IPs (Internet Protocol, intellectual property, instantaneous presence) and how such terms along with social media and mobility are employed to describe current macro trends. That said, however, a good characterization of the times in which IT asset management professionals live is “The Age of Policies and Rules.”
Why? The answer is because without P&R there is only chaos. The computing and communications utility infrastructure we so heavily rely on cannot work for us if we are not intensely focused on permissions, authentications, verifications, real-time administration (mediation and remediation), and the ability to use powerful analytics to “keep the peace,” respond quickly and effectively, proactively prevent catastrophe’s and provide actionable business improvement insights.
Policies and rules are needed over a broad expanse of people, things and processes. These range from activities at the enterprise level, the LOB level, real and virtual work groups, individuals and ultimately to individuals’ hardware and the software on those devices.
The challenges for IT are increasing
IT asset managers every day are attempting to cope with the increased risks to their enterprises. These are arising not just from the intentional actions of bad actors (internal and external), but from the ways risks have ratcheted up from the advent of the bring your own device (BYOD) phenomena and the general “consumerization” of IT.
More people and personal devices, accessing more information via social networking, mobile apps, open source software and other “freeware” via the Internet and the cloud, have raised IT’s blood pressure. With the increase in business process automation, more machines are interacting with each other as well, and all levels of the stack need to be watched.
On top of this is the intensification of the need to protect corporate assets from attack and the need to insure the enterprise is coping correctly in all aspects (monitoring, storage, etc.) to a mind-boggling series of compliance requirements. As icing on the cake, the management of this complexity comes at a time when there is an expectation that more be done with less. The task of IT is to not just assure the high-performance of the computing and communications utility under their care, but also that performance not be compromised.
Unfortunately, even some of the most sophisticated organizations struggle to keep up with policy management and enforcement. Putting aside the issues with bad actors, the old tools just cannot seem to do the job, or the lack of a comprehensive capability can present obstacles even given the best of intentions. Reality is that the ease at which everyone, employees, and even managers, can exceed their “authority,” i.e., “break the rules” appears to be increasing exponentially. For example, that bad version Angry Birds on your iPhone (News - Alert) when hooked up to your company’s Wi-Fi network behind the firewall has the potential to wreak havoc. In short, knowing what everyone has, and what people, processes and devices are allowed to do, and monitoring and policing things to mitigate risks has never been more important and without better tools and a holistic approach some might argue more problematic.
Getting a firm grip
The bottom line is there must be a process for managing policies, and there must be the right tools for monitoring and enforcing them in a consistent manner. In fact, consistency is the hallmark of an effective, agile organization.
As stated, the challenge for IT is that with thousands of systems logging onto and off various networks in multiple networks, it isn't feasible for IT to manually touch every machine, ensuring it is in compliance with all IT policies. In fact, as the amount of managed systems grows so does the need to properly monitor compliance and mitigate risks through comprehensive policy management and enforcement.
As an IT asset manager you need to know high-level and granular things such as:
- What policies get applied to which systems?
- What if a user inadvertently makes a change to the system?
- What about new systems?
The good news is there are answers to your questions, and the industry is now creating solutions that meet your needs. On July 17 you are invited to join me and Gerald Beaulieu, Director Product Marketing for Kaseya (News - Alert), for an insightful webinar, “Taking Policy Management to the Next Level.”
The focus will be on how to:
- Ensure distributed systems are in compliance with IT policies or recurring services
- Streamline the process of applying and updating policies to multiple machines
- Achieve greater confidence that distributed systems are secure and in compliance
- Manage network policy enforcement of machines groups depending on security risk, business use or service level
- Allow new machines to automatically inherit policy settings without any intervention
There is no denying that concern over the creation and enforcement of policies and rules dominates and will daily concerns of IT professionals now and is only going to increase in importance and complexity going forward. Getting a firm grip on how to meet those challenges, and exposure to best practices is a good way to be not just forewarned but a step in getting fore-armed.
Edited by Braden Becker