20
Feb

The Excess of the “Admins” and the Data Center Automation

admin-data-center-automation

The same process that leads to business scanning depth also helps to speed up the automation of IT management processes.

Thus, in the digital environment, employees, customers and suppliers interact in increasingly standardized way through developed business applications exactly to ensure this uniformity of processes which is the basis and the springboard for automation.

But if on the one hand, scan means “automate something”, on the other, mass computerization promotes the multiplication of users and applications in information networks, which leads to a large decentralization of processes.

With decentralization, comes the hard need to meet the increasing masses of users, applications and multiple modes of devices such as desktop terminals, smartphones, POS or even code readers in the warehouse or factory floor.

Not to slow the flow of services in this new multifaceted demand environment, it has become necessary to free users to access countless applications and other download facilities, which are always sources of clutter and safety hazard, but without which the end user often reduces its efficiency.

In other words, the new environment of diversity that hit data networks has increasingly pressed the administrator to relativize the process of centralization levels. The question that arise is something like: How not to allow a desktop that install a free application, such that there are thousands of applications on the web, as this application is essential to the efficiency of specific user in everyday business life. As an example, we can mention numerous essential applications for tasks such as VoIP, CAD, virtual meetings, graphics editors etc.

And denying a senior executive free entry of the company in areas of the system that only qualified personnel, passwords holders of “admin” type should have right of access?

This need for release functions associated with the speed at which the data center grows, led to an unusual situation. According to studies, the internal user copy of businesses (and not necessarily the malicious user) is now the point of greatest concern and sense of vulnerability is by the CIO or the security manager.

The data from this survey, around 91% of data center managers believe that these internal users – especially those endowed with some higher access privileges, such as “admin” passwords or similar, are the most vulnerable point of their environments informational.

On the other hand, according to a study by Gartner, 92% of critical vulnerabilities are mitigated as much as possible simply by removing the “admin rights” from the users.

According to the survey, today, about 50% of employees hold some privilege password that allows certain basic actions (however compromising), such as re-configuring the safety profile of a desktop. In addition, 38% – a really significant number – are professional or non-technical executives, third the first step, which have sufficient access privileges so that they can play in highly critical system areas.

Compounding the picture, no less than 44% of community members are outsourced people (the official operator, technician software company, the installer of a switch or technical outsourcing company) receiving temporary privileges and for a almost always justifiable reason, can get to know the most intimate parts of the data center.

The IT industry is currently more evolving, this congenital disease of granting privileges is paradoxically today, the most obvious reason is the need for more automation, since the proliferation of “admins” happens exactly by the granting of tasks to individuals in its sole discretion, define actions that do not necessarily take into account the safety and vulnerability of systems.

So much so that, for 40% of data center managers, the lack of internal users mainly weakens compliance policies, which demonstrates the incompatibility between the standardization of processes and excess privileges over data networks and applications business.

But what are the feasible models for automation on the high complexity of the transaction environments, with its multiplicity of entities, codes, people, processes and applications?

Just as an example, in large companies, there are desktop application for each employee, and many are not cataloged. How to manage this overwhelming amount of applications, not thinking of automation and without beacon productivity with security?

One of the bases of such a process is the strict control of the investments (classifying them as “authorized applications”, “not allowed”, or simply “not classified” – the GreyLists) and allying such control to admin rights management.

The assumption is that, through corporate policies, you can set and define which applications can be installed and executed, without locking the user access profile, but ensuring that their actions are handled (what he can or cannot do) as well as audited and transparent, in order to gauge the productivity and safety.

This approach also suggests that investments and measures aimed at achieving and maintaining compliance start to converge immediately with automation policies, which will generate double beneficial.

First, investments in automation will find immediate justification on a budget matrix which are already active and assimilated, which are requirements of regulatory frameworks of industry, governments and markets.

Second, because the creation and operation of strict controls are required by compliance, will no longer result in rising labor costs (in addition to speed up the process as a whole), replacing this variant of control spending by automation. With this, there will be a containment of accumulation of new assets and a lower future investment warranty and ensure continued compliance.

This gradual elimination of the human factor in information processes, which are becoming faster and more complex is, ultimately, the starting point and at the same time, the finish line for the model of “compliance on automation”.

ESDS

Leave a Reply

RSS
Follow by Email