Defining the Health of System Security and Well-being

Clients want to know how their infrastructure is doing; hearing by word of mouth that everything is under control isn’t usually enough. Client confidence hinges on an IT infrastructure that is secure and functions as promised. A visual report provides both perspective on current purchases and a willingness to stay current with product innovation through future upgrades.

This confidence in IT is usually tied in some way to the idea of “healthy systems.” So how do IT professionals establish what is healthy or unhealthy and deliver that idea back to a client accurately?

To convey that systems are functional or secure, we must first define a healthy system. Similar to the life of a person, the life of a server or computer is unique to its job or function. We can gauge this baseline from several sources. Each program on the server or PC can be leveraged by a malicious source or bogged down by age or outside factors. We can usually rely on vendors for the recommended or minimum usage of an application or security configuration, which creates a baseline.

Specifying resource and security needs during a new device setup can be accomplished with a fair amount of confidence. There shouldn’t really be any worry that the device can run all necessary programs without issue during its initial few weeks or even months. All software is up to date with the latest security definitions and patches. Everything is healthy and ready to increase productivity within the organization and hopefully lead to increased profits.

Just as life changes for humans, so does the server or computer. New services and software are added, new security holes are discovered that need to be plugged, and hardware starts to show its age, often limiting security measures. The idea of “healthy” changes from “new and current” to maintaining what was originally promised when the product was delivered, in an ever-changing environment. Healthy productivity and security must be sustained through action and maintenance: patches must be applied and hardware upgraded, or perhaps even replaced, to keep that promise of productivity and security health.

Maintaining the health of a device or organization is the primary job of both alerting and monitoring. Monitors are set to leverage both external software, sometimes called agents, and the diagnostic output of installed programs. While a monitor may listen to many parts of a program’s or device’s behavior, thresholds are set on what behaviors are considered “unhealthy”. Alerts are created to tie a machine log to a human response, prompting someone to resolve the behavior and return the program or device to a healthy state.

Just like a human body, a computer has many working parts, and all those parts have variations in behavior. Although a device can sometimes be considered unhealthy because it has a security gap or a missing patch, just band-aiding that gap in a critical device can make that device even more unhealthy. The cost of taking the server out of production can sometimes outweigh that need, at least in the immediate time frame.

A device missing a security patch for a known security issue may not cause an immediate loss of productivity, but allowing a virus into a network could have a severe detrimental effect on productivity should data be compromised or lost, or services stop functioning normally, causing a loss in revenue for the client.

There are many possible scenarios and possible alerts. A system administrator or security analyst must discern which alerts should be actionable and which could be collected and resolved on a normal maintenance schedule, or possibly even ignored altogether. To answer these questions, we look back and think of the goal of monitoring. The goal of any maintenance team is to ensure proactive productivity and confidence in IT infrastructure.
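The triage described above, sketched as an added example that is not part of the original article: monitor readings are compared against a baseline and sorted into actionable, maintenance-schedule and ignorable alerts. The metric names, thresholds, routing rules and sample readings are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed baseline; in practice these come from vendor-recommended values.
BASELINE = {"cpu_pct": 85.0, "disk_used_pct": 90.0, "patch_age_days": 30.0}
URGENT_MARGIN = 1.10  # assumption: 10% past a resource threshold needs a human now

@dataclass
class Reading:
    host: str
    metric: str
    value: float
    critical_host: bool = False  # production device that is costly to take offline
    known_issue: bool = False    # the overdue patch fixes a known security issue

def triage(r: Reading) -> tuple[str, str]:
    """Map one monitor reading to (bucket, response)."""
    limit = BASELINE.get(r.metric)
    if limit is None:
        return ("ignore", "no baseline defined for this metric")
    if r.value <= limit:
        return ("healthy", "within baseline")
    if r.metric == "patch_age_days":
        if not r.known_issue:
            return ("maintenance", "apply in next maintenance window")
        if r.critical_host:
            return ("actionable", "escalate: client weighs downtime against exposure")
        return ("actionable", "patch now")
    if r.value >= limit * URGENT_MARGIN:
        return ("actionable", "investigate resource exhaustion")
    return ("maintenance", "review capacity at next maintenance window")

def report(readings: list[Reading]) -> dict[str, list[str]]:
    """Group readings by bucket, the summary a client-facing health report needs."""
    out: dict[str, list[str]] = {}
    for r in readings:
        bucket, response = triage(r)
        out.setdefault(bucket, []).append(f"{r.host} {r.metric}={r.value:g}: {response}")
    return out

# Constructed sample readings.
SAMPLE = [
    Reading("web01", "cpu_pct", 62.0),
    Reading("web01", "disk_used_pct", 93.0),
    Reading("db01", "patch_age_days", 75, critical_host=True, known_issue=True),
    Reading("ws17", "patch_age_days", 45),
    Reading("ws17", "fan_rpm", 2100),
]

if __name__ == "__main__":
    for bucket, lines in report(SAMPLE).items():
        print(bucket, *lines, sep="\n  ")
```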

Maintenance and security work together as they both strive for a continuance of productivity both for IT infrastructure and for the client’s profit and survival. Ensuring that a proper and monitored automation of alerting is in place for all products, hardware, and infrastructure is crucial in maintaining client confidence.

Like good doctors, IT professionals do their best to keep the client informed of all ailments in order to keep a secure and productive system. It often comes down to the client to decide the level of health risk they are willing to endure. One must weigh this risk against a potential loss of production in the short term. Ultimately, regular maintenance and compliance ensure long-term system health.