NETWORK WORLD NEWSLETTER: ANDREAS M. ANTONOPOULOS ON THE DATA CENTER
09/21/04

Today's focus: Organizing data center security operations

By Andreas M. Antonopoulos

Many enterprises are developing internal groups to run security operations, known as "sec-ops." These groups are responsible for monitoring and responding to security events. To ensure their effective operations, putting the right organizational structure in place is critical.

There are, broadly speaking, three disciplines in enterprise information security. Governance is concerned with the evaluation of risk and the definition of enterprise security policies. Security implementation is the discipline of converting security policies into technical implementations. Finally, audit and compliance is the discipline that ensures that policies are correctly implemented and enforced.

Organizing the three roles under a single group that's distinct from data center architecture and operations not only isolates security functions in a "silo" but also places the role of audit far too close to the implementers. It's best to align security operations more closely to overall data center operations.

A security operations team's main role is monitoring the infrastructure and applications for security events, responding to the events, and conducting "post-mortem" analysis to recommend improvements to security policy or implementation.

To be effective against insider threats from system administrators and security administrators, the security operations team needs to operate independently from those implementing security controls - hard to do if they're part of the same overall team.

Additionally, responding to a security event requires that it is first identified as a security event. Differentiating between a security event and a network or application failure is often very difficult, especially in the early stages of troubleshooting - so sec-ops needs to work more closely with the overall operations group.

The security operations team therefore needs to be part of the operations group, for many reasons:

* The tools and protocols used to monitor the infrastructure and applications for "unintended" failures are the same as those required to detect "intentional" breaches. "Intent" is usually determined after-the-fact through analysis of an event.

* The skills needed to prioritize response based on the business-criticality of an affected application are the same, regardless of the root-cause.

* Analyzing an anomalous event requires knowledge of what a "normal" response looks like. Operations groups have a better understanding of the infrastructure as a whole and are better equipped to identify anomalies.

* One of the most important tools for any operations team is a ticketing system for generating and tracking "faults." Such a system is also a critical component of a security-incident response process.

Enterprise IT executives should create a security operations team that is closely integrated with the broader network/systems operations group. The sec-ops team should report to the other security groups (governance, implementation) on a regular basis and especially after an incident "post-mortem."

Every security breach represents a failure of security policies or a failure of security implementation. As the watchdog for security, the sec-ops team should provide regular feedback to ensure that security policies and implementation reflect the "lessons learnt" with continuous improvement. The only certainty in the security business is that a lesson not learnt will soon be on the curriculum again.

Andreas M. Antonopoulos is principal research analyst at Nemertes Research.

Copyright Network World, Inc., 2004
