Management.
It’s a word that evokes many images, but what if the very tool or process you chose to manage your systems could also be a source of risk for a firm or organization?
Today, enterprises use various tools to manage networks, but there are times when these same tools need to be evaluated for the risk they may pose to a network. Each time you add software to help you manage systems, you also add the potential for risk; each new piece of software that aids in system management could also introduce a means to enter that network. As you ensure you connect and manage the entire network as a “unit,” you should understand that this process also introduces exposure to risks you didn’t have before.
Conversely, Enterprise System Management tools (#15 on the 2007 Top Technology Initiatives) can make your network deployment and management easier, providing the benefit of network dashboard views, alerting you to potential issues and giving you the ability to manage rather than simply putting out fires.
Here are four different Enterprise System Management Tools that may bring risks and benefits to a firm that you might not have considered:
Antivirus
Recently, the SANS Institute (SysAdmin, Audit, Network, Security) released its annual list of Top 20 security risks, including antivirus software as a risk to a network. While everyone would argue that antivirus tools should be on an enterprise system, how can you mitigate the risk surrounding the very tool you choose to help keep you safe?
Choose multiple vendors. Choose one vendor for your workstation and another for your gateway protection. If one application is vulnerable, chances are that a second application will not be vulnerable at the same time – thus mitigating this issue.
Network Access Protection
Windows Server 2008’s newest addition to managing systems is a service that gives the network the ability to check the health of the systems connecting to the network. Want to limit the systems that connect via Virtual Private Network (VPN) to only those workstations that are fully patched, running antivirus, with the firewall on or other policies you deem appropriate?
Network Access Protection, or “NAP,” is the tool for you. New in Server 2008, it is focused on the policies of the network, but is not necessarily a security tool because it can be used to report on compliance. It is designed to keep an eye on which workstations are healthy and which are not; even in the Server’s reporting-only mode, the system alerts the users of the workstations as to their role in the health of the network. As a result, having an Enterprise System Management tool whose job is to place more emphasis on policy and the enforcement of policies may provide you with greater management of the network.
WSUS
Windows Software Update Services (WSUS), or any patch management tool for that matter, is a means to deploy and control software updates to multiple workstations across a network. However, as with any software distribution system, you should be aware that deploying software brings risks to a workstation. There are times when these systems can introduce unwanted change into a system.
Back in October, WSUS accidentally deployed a patch for Windows Desktop Search that installed it on all workstations in an organization where the original patch was approved. Even if the patch was only deployed to one workstation, this update in October 2007 was released to all workstations, causing issues across the network.
While the WSUS Blog was apologetic, the fact was that administrators had to scramble to remove the patch. When a tool you rely on does not perform in the manner in which it is expected, the administrator has to go back and reevaluate the change management process accordingly. Does the administrator change the company’s processes in response to the changed behavior of the tool? Possibly.
When relying on Enterprise System Management tools, always reevaluate the processes used with them on an appropriate basis – annually or even quarterly – or on an as-needed basis, so that you stay flexible with your tools and needs.
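One check that a reevaluated change management process could include is reconciling what was approved against what actually landed on workstations. The sketch below is an added example, not code from the article or from any patch management product; the update IDs, group names and host names are constructed, and it assumes approvals and an install inventory have already been exported from the patch tool.

```python
"""Reconcile patch approvals against observed installs (constructed sample data)."""
from collections import defaultdict

# Constructed approvals: update id -> computer groups it was approved for.
APPROVALS = {
    "UPD-DESKTOP-SEARCH": {"pilot"},
    "UPD-SECURITY-ROLLUP": {"pilot", "finance", "sales"},
}

# Constructed inventory rows: (host, computer group, installed update id).
INSTALLS = [
    ("ws-001", "pilot", "UPD-DESKTOP-SEARCH"),
    ("ws-014", "finance", "UPD-DESKTOP-SEARCH"),
    ("ws-022", "sales", "UPD-DESKTOP-SEARCH"),
    ("ws-014", "finance", "UPD-SECURITY-ROLLUP"),
    ("ws-030", "sales", "UPD-UNKNOWN-TOOLBAR"),
]


def find_scope_violations(approvals, installs):
    """Return {update: sorted hosts} for installs outside the approved scope.

    An install is a violation when the update was never approved at all, or
    when the host's group is not among the groups the approval named.
    """
    violations = defaultdict(set)
    for host, group, update in installs:
        approved_groups = approvals.get(update)
        if approved_groups is None or group not in approved_groups:
            violations[update].add(host)
    return {u: sorted(h) for u, h in sorted(violations.items())}


def blast_radius(approvals, installs):
    """Per update: (hosts inside approved scope, hosts outside it)."""
    counts = defaultdict(lambda: [0, 0])
    for host, group, update in installs:
        in_scope = group in approvals.get(update, set())
        counts[update][0 if in_scope else 1] += 1
    return {u: tuple(c) for u, c in sorted(counts.items())}


if __name__ == "__main__":
    for update, hosts in find_scope_violations(APPROVALS, INSTALLS).items():
        print(f"{update}: installed outside approved scope on {', '.join(hosts)}")
    print(blast_radius(APPROVALS, INSTALLS))
```

Run after each deployment window, a report like this surfaces an update that spread beyond its approved group before users start calling.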
Kaseya
Kaseya is a Web-based portal used to install agents on all of the workstations in the network, including roaming laptops. With this portal the administrator can use the Web console to keep an eye on all of the assets of the network, including deploying patches, monitoring audit logs, reviewing system health and other key processes. Having the ability to manage workstations with a single dashboard means that you can better support a network with less onsite staff.
While physical access to a system is still sometimes needed, the bulk of the debugging and fixing needed for desktops can be done remotely by staff who are not physically in the same location as the systems. As a result, you can ensure that the needed technical staff are available for maintaining the network without their having to be in the various geographic locations of your network. These types of tools give an organization the ability to free up staff to work on more advanced deployment projects, rather than running around putting out fires. Managing systems with remote access and tools is key to effective Enterprise System Management.
Evaluate Your Own Needs
Four different tools. Four different views. Each application or tool used in Enterprise System Management has the ability to add a great deal of control and protection to your network. If deployed incorrectly, each one also could destabilize a network and leave a company facing more uncertainty, not less.
The key to using each one for the good of the network is to take the time to understand and deploy each tool or application appropriately. Enterprises and the technology management tools to support them are not built overnight. Choosing the proper tool and gaining the needed training for proper implementation are crucial. Above all else, when planning such deployments it is mandatory to ensure that, even after such tools are deployed, there is a reevaluation process in which the policies and processes used by administrators in the network are reviewed to confirm that they are still appropriate and necessary.
Top Technology Initiative #15: Enterprise System Management
Tools and strategies that enable administrators to centrally patch, manage, upgrade and maintain applications and operating systems across an enterprise. May also include use of digital appliances: specialized, often pre-configured, appliances that address specific network or corporate needs, and significantly reduce the deployment and maintenance time traditionally involved with providing these services.