Centralized management: ignore the user at your peril

Admins must immerse themselves in the complex world of the endpoint

Centralized management has been an everyday part of computing since the era of the mainframe and yet many decades on its design, operation and ultimate purpose is still undergoing a fascinating and restless evolution.

History should have ended with the mainframe: centralizing the management of computing resources was the natural order; simple, time-efficient, obviously cheaper and absolutely predictable. Then a bunch of clever people came up with the microprocessor and its revolutionary progeny, the personal computer, and centralization built on a simple top-down hierarchy was swept away.

The desktop PC was a big enough challenge but at least it sat in a known environment. Add in today’s mobile devices and the way that the distribution of data in real time has come to be fundamental to modern business, and one might pity the notion that an admin sitting in a room full of servers could ever retain meaningful control over anything.

These days there is an understandable tendency to reinvent management as being about protecting data but heed must be paid to the way the PC also brought into existence another increasingly powerful, unpredictable and challenging force – the user.

Today’s centralized management platforms are designed on the assumption that business must serve the ‘user’, whose brainpower and ability to micro-innovate is what fuels every successful organization. If PC management started life as a technical exercise, management in the age of the user is becoming as much a social and political challenge.

The primacy of the user tells us that simply locking up or restricting access to data is no longer realistic, which raises the obvious question: how can the insecure era of users and data be made to work together without turning data security into a free-for-all?

Over the last decade, vendors addressed this issue with what came to be known as ‘point solutions; jargon for products that secured or monitored – managed if you like - one bit of the security puzzle. Many added user management to the mix. As these discrete systems piled up, organizations started to invest in even bigger systems that could integrate all these disparate elements into one console.

Prominent examples include Microsoft’s Active Directory, built to administer Windows environments through user permissions and group policies, and parallel approaches such as McAfee’s ePolicy Orchestrator (McAfee ePO) platform, oriented more towards securing devices or endpoints.

McAfee’s ePO platform stands out as an interesting example of the way that old-style security management is evolving from simply configuring security controls to one in which administrators set out to gain visibility as to how users are behaving under real conditions.

This is a complex world that needs sophisticated tools that can accommodate third-party tools as well as the vendor’s own, another feature of McAfee ePO. Security systems must be integrated rather than isolated to allow the correlation of events between them, if possible in real time. With real-time monitoring comes a greater need for security automation and security information and event management (SIEM) as well as trend-based reporting, the analysis of security events over time.

Better trend analysis in turn feeds back into better policy formation, a learning stance in which security assumptions are constantly assessed against a real rather than idealized view of the world.

Security management is not, then, simply about designing policies which are defined against a static division of users into different roles, responsibilities and rights. Admins need to see what users are actually doing, adjusting, re-assessing, and tweaking policies so that they keep up with constant change. Policies are always in flux because the world is constantly changing.

The attraction of an endpoint-oriented view of the world is simply that it gives admins insight into the place where users interact with data and applications and which therefore generates most quantifiable security risk.

Even as these ideas enter the mainstream, it is still worth reminding ourselves that in a surprising number of IT setups the endpoint and the user are still largely invisible, only noticed should something obvious actually go wrong. Without a change of heart and more insight into this world, we should assume that the long periods of calm are not as reassuring as they seem.