
Are you failing Security Basics 101?

Mary Branscombe | April 7, 2016
Patching, backups, firewall configuration … when it comes to security, make sure you take care of your infrastructure before you invest in next-level tools.

The system will check itself as part of the update, he says, using the same Test in Production system it will use to avoid configuration drift. "How do you know the system has deployed correctly? Six months down the line, how do you know it's still configured well? TIP is a series of scheduled tests for that. And when we use automation to patch the system, we run TIP to check the system is healthy, then we patch it and then we run TIP again so we see that we got what we expected."

That won't be disruptive and it shouldn't involve scheduling downtime. Before Azure Stack, Tewari worked on Microsoft's Cloud Platform System, a hyperconverged appliance built with Dell hardware running the Windows Azure Pack. "For CPS, we release three patches a year. We can patch a customer on premise without bringing down their workloads," says Tewari.

For your existing servers, there are plenty of tools for avoiding configuration drift in a more automated way. One combination is UpGuard's Guardrail to look for changes in configuration over time or between different servers, PowerShell Desired State Configuration scripts to apply the right configuration, and Pester to run integration tests to make sure that configuration does what you want it to.
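The test, patch, test again sequence described for TIP can be reproduced on existing servers with the DSC and Pester tools named above. The following is an added example, not code from the article or from Microsoft; it assumes Pester 5 or later, an elevated session, and a node that already has a DSC configuration applied. The function name `Invoke-GatedPatch`, its parameters and the three sample checks are hypothetical, and the patch step is whatever script block you supply.

```powershell
#Requires -Modules @{ ModuleName = 'Pester'; ModuleVersion = '5.0.0' }

# Constructed health checks (assumptions); replace with the checks that matter on your servers.
$healthTests = New-PesterContainer -ScriptBlock {
    Describe 'Baseline health' {
        It 'has not drifted from the applied DSC configuration' {
            # Returns $true only when the node matches its current DSC configuration.
            Test-DscConfiguration | Should -BeTrue
        }
        It 'has every firewall profile enabled' {
            Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' } |
                Should -BeNullOrEmpty
        }
        It 'has the Windows Event Log service running' {
            (Get-Service -Name 'EventLog').Status | Should -Be 'Running'
        }
    }
}

function Invoke-GatedPatch {
    # Hypothetical helper: run the tests, patch only if healthy, then run the tests again.
    param(
        [Parameter(Mandatory)] $HealthTests,               # Pester container with the checks
        [Parameter(Mandatory)] [scriptblock] $PatchAction  # your own patch mechanism
    )

    $before = Invoke-Pester -Container $HealthTests -PassThru -Output None
    if ($before.FailedCount -gt 0) {
        # Patching an unhealthy node makes a later failure impossible to attribute.
        throw "Pre-patch health check failed ($($before.FailedCount) test(s)); not patching."
    }

    & $PatchAction

    $after = Invoke-Pester -Container $HealthTests -PassThru -Output None
    if ($after.FailedCount -gt 0) {
        $names = $after.Failed.Name -join '; '
        throw "Post-patch health check failed: $names"
    }

    [pscustomobject]@{
        PassedBefore = $before.PassedCount
        PassedAfter  = $after.PassedCount
        CheckedAt    = Get-Date
    }
}

# Usage: Invoke-GatedPatch -HealthTests $healthTests -PatchAction { <your patch commands> }
```

Running the same container on a schedule, without the patch step, covers the "six months down the line" drift question raised in the quote.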

Doing that kind of configuration management at scale, as a service, is what Microsoft's Operations Management Suite is designed for. It's a mix of automation (including backup and recovery) for Windows Server, Linux, VMware, Azure, AWS and OpenStack, with security and compliance tools and log analytics that let you see how well you're doing at the basics, like applying patches and getting configuration right. "It's helping IT have a deeper view that makes their world easier," claims Microsoft's Jeremy Winter.

Skills gap continues to be a problem

Some of that is analysis you could already do with a tool like Splunk, but many customers didn't have the expertise for that, he found. "I asked customers 'why aren't you using big data? Why don't you have big analytics systems?' and they told us 'I don't know how to make head or tails of all the data in there; I'm not a data scientist, I'm not the expert that can string this all together, I'm busy at my own job,' and that's where the readymade solutions came from," Winter explains.

"This correlation between what's changing, this correlation of configuration and understanding the desired configuration state of your environment, and then overlaying that with security, compliance and everything else; it's not an individual bunch of siloed tools; it's a mashup of that information; that's where you get the power. You bring all your data into this environment and you start to have a nervous center for all this information, so you can correlate across it."

