Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Automated Policies Pull IT, Business Together

CIOs like to talk about translating business objectives into IT requirements, but without a way to tie technology assets to operational goals, alignment won't be as seamless as it could be. Policy-based systems management is a method of automatically allocating resources, such as bandwidth, QoS, and security, according to defined business policies.

To yield an efficiency edge, policies must be implemented cohesively, and that means automation. Yet we're facing a multitude of solutions to small pieces of the policy-management puzzle: 8e6 Technologies launched a stand-alone Web proxy-blocking appliance designed to block proxy use and alert IT of offenders, while Fiberlink Communications' Extend360 allows IT managers to set up policies for mobile workers, including how and when they can connect remotely. While these and other point products certainly solve real problems around policy enforcement, no one wants a patchwork of tools. As new standards and best practices emerge, software vendors must respond with scalable, cross-technology offerings that manage and enforce policies throughout the enterprise. That's especially important given the multitudes of regulatory bodies that have swamped organizations with lengthy and sometimes vague requirements that are difficult to translate into real-world actions.

Until vendors bring us a perfect policy-management world, the best way to unify your approach from the desktop to the data center: Follow the risk.

For example, dual drivers for policy enforcement on the desktop are regulatory compliance and reducing costs. Say your corporate policy warns users against visiting gambling or pornographic Web sites, using profanity in e-mail, or installing chat programs. The ultimate purpose of these controls are to protect the company from security breaches, lawsuits and reduced productivity.
Our top five areas where policy automation will pay off in risk reduction: password control, desktop environments and software installation, Web content filtering, data security, server log monitoring, and change and configuration management. We'll zero in on a few areas where vendors are stepping up.

Security Vs. Compliance
Within the data center, policy revolves around two equally critical goals: securing servers running a variety of operating systems, and meeting requirements like PCI and Sarbanes-Oxley. Typically, enterprise software configuration management systems act as, or gather data for, a central repository, such as a CMDB, for managing and tracking datacenter activity. While a recent InformationWeek reader poll indicated that 23% of respondents still use a combination of spreadsheets, Visio diagrams and databases to monitor configurations, this simply won't scale-ad hoc policy tracking systems must be updated manually, a situation that opens the door for inaccuracies as well as incompatibility with other applications. Fortunately, there are some promising products emerging in this space that attempt to bring policy management into focus.

  • 1