ESG's Edwin Yuen provides his thoughts and predictions on the importance of systems management with today’s security threats, and on the three core systems management functions needed to address these threats.
Read the related ESG Blog: Systems Management With Today’s Security Threats
Hi, I'm Edwin Yuen, ESG Senior Analyst for Systems Management, Data Protection, DevOps, and PaaS. And today I'd like to talk a little bit more about the role of Systems Management in today's security environments and with today's security threats.
What we're seeing is that security concerns within the IT space now span across pretty much everything that IT can touch. It'll go from devices to data to applications. The core here is that IT operations and the IT group really need to understand everything that they have, what it is doing, and what they can do in order to resolve the situation.
With the recent attacks that we saw with Meltdown and Spectre, we saw the need to access everything from physical devices to operating systems across the board, and not just think about the applications or the potential ransomware that attacks on data. So, what we see is an increased need for Systems Management to have a better understanding, and to really help IT work with the systems they need to protect across all of IT.
Now, what really...we think about when Systems Management...it's not just a concept, but there's a lot of key functions that it really needs. So, if you have any sort of Systems Management software, where you're managing endpoint devices and servers, operating systems, or scanning disks, you really need three core functions.
First, you need inventory. You need to fundamentally understand what you have. A lot of solutions out there right now allow you to enter information or reach an existing server that has some inventory information. But the best Systems Management environments out there have the ability to go and find your inventory and discover systems that you may not know about, which are really the ones that are potentially the most vulnerable.
Second, you need status. You need to understand what you have. What's the current status of the system? In the past, we often called it "drift control." So, I knew what it was before, setting it to a known good, and then seeing if it drifted away. But fundamentally, you just need to know how my systems are doing, how can I understand it so I can understand and know. Is there a problem with it? Is it under threat? Or has it already been compromised?
The third one is, really, action. What we mean by action is, not only do you need to know what you have, and whether or not you have issues and you need to fix it, but you need to fix them. Often, many solutions right now say "We can go ahead and fix the problem," but effectively, they spawn it to another application or another system in order to actually perform the action. Fundamental Systems Management really should have an action component, so it could remediate and fix, and then continue to hold on to the corrected status, which then feeds back into both inventory and status.
So, in today's security-conscious environment, Systems Management becomes incredibly important. And having the full feature set, having inventory, status, and action, are going to be critical for all the different software systems to manage all the different environments that IT has to manage today.
I hope you found this video blog helpful on understanding why Systems Management is so critical in today's security environment.