VPN Haus recently talked to Rob Shein, a Washington, DC-based IT security expert. Shein gives us his perspective on managing IT security for organizations.
VPN Haus: Let’s start basic. How do you prevent users from tampering with policy settings?
Rob Shein: Most technical solutions with policies that can be defined at a central management point also have the ability to lock them down, so that only administrators can change them. If you’re using a product that doesn’t have centralized policy management…replace it.
VPN Haus: That’s a good point. Let’s talk more about why centralized management is so crucial for IT management.
Shein: Centralized management is crucial for IT management for a number of reasons. The first is simply a question of scale; without a central point for control over functionality, the cost of operating an IT environment will grow horrendously as the environment grows in size. Imagine configuring Cisco switches by having to keep track of separate logins and passwords for each one, as well as documenting each one’s configuration using Notepad. Just keeping things operating would be a nightmare.
Then, add to that the challenge of ensuring that system drift doesn’t occur, ensuring that systems are configured and operating as they should be; this challenge has a real monetary impact on it when compliance comes into play, and audits need to be performed. Both the cost of the audit and the risk of being found in noncompliance go up. Last of all, there is the increased effort and risk of changing an environment, either as part of an integration project or addressing a security risk across the enterprise.
VPN Haus: With the remote access landscape changing so rapidly, sometimes IT administrators have to make quick changes “on the fly.” What should they take into account when doing this?
Shein: IT administrators should never make changes “on the fly,” but should work with change control. The larger the environment, the more important this becomes, as there are more and more dependencies and less obvious ramifications from certain kinds of change. The wireless landscape may change quickly, but the actual installed base of technologies in any enterprise doesn’t change at the same rate.