I may have solved the problem about the global shortage of doctors and law enforcement officers. They’re all on television. It seems no matter what channel you switch to these days there you have it, yet another crime is solved or another mystery illness has been dealt with.
If only the World Health Organisation had Dr. House we wouldn’t have to worry about Swine Flu. I’ve got to the point where I refer my GP to different episodes to help diagnose a problem. Obviously he wasn’t good enough to make it on TV so now he just works at a local practice!
But the plethora of programs to keep everyone healthy has a major downside. By the time you watch them all you end up need a whole variety of equipment. So apart from the TV, we now have a digital receiver, a DVD player/recorder, the good old video recorder, and finally the surround sound system so you can get all the glorious sound affects of open heart surgery! It means that that you now have to master at least five remote controls just to watch one program.
And when you look at your average networking department it’s a similar story. The administrator today makes your average forex trader seem like an amateur when it comes to watching multiple screens. Firewalls, routers, UTM devices, IPS, IDS, and then you have your “shapers”, “filters”, “optimisers”, “accelerators”, “leakage preventors”, “email scanners”, in fact the list is endless, and each and every system has its own unique management station, and its own unique way of reporting what’s going on.
To support rapidly changing business requirements, enterprise networks are continuously growing in terms of number of components and the rate at which changes are made to each component. Networks are also very diverse, made up of solutions from multiple vendors. Security administrators do not have an effective system for security policy management throughout the network. They monitor each network device separately, often through inaccurate, manual processes.
This inevitably increases instances of network misconfiguration, which in turn increases exposure to security threats, regulatory compliance failures and downtime.
Groups like the Jericho Forum have for the past few years promoted de-perimeterisation and I believe that they have identified a very important issue for the IT security vendors. Jericho Forum commandment #5 states that “All devices must be capable of maintaining their security policy on an untrusted network”.
I would remove “untrusted” since any network should by default be considered “untrusted”, but the question is how do you effectively maintain security policies when they are spread across multiple devices, with no consistency. Add to this that I am now more likely to be sharing devices with my business associates.
For example how can I be sure that I am protected when my data passes through another company’s security infrastructure? How can I provide my business associate visibility of our joint security policies, etc.
The bottom line is that security vendors have to be willing to open their systems to allow IT administrators to generate automated audit reports for all security and network devices from a single console. This is not a call to replace all management stations with a single solution. This has been tried by a number of vendors who end up producing some kind of “jack of all trades” box which generally is unstable and unscalable.
Everyone recognises that the management station of a particular vendor is part of their overall value proposition. But every organisation needs the ability to maintain their organisational and device security policies at a central point and have the ability to be alerted in real time when a policy breach occurs. Products need to be easily customised to support additional devices and vendors from a single interface, and provide a unified view of devices from multiple vendors.
This can only be achieved if vendors are willing to provide an open platform that enables customers, integrators, and other vendors to develop plug-ins for their solutions.
Coming back to my TV issue, I recently bought one of these remotes that manage loads of devices. So instead of having five remotes on the chair I now have one. It doesn’t do everything but it gives me control over the day-to-day operation of my entertainment and that’s exactly what we need in the IT security space.
Solutions that provide an open interface that allow users to monitor their systems from a single console and allow them to centralise the change management of their security and network devices. Now if we could just get Dr. House on ER we’d solve all the world’s medical problems!