Consolidation Factors in Business Planning
organizations large and small have initiated or continued data center consolidation projects. Unlike some other IT initiatives, the benefits from this exercise are clear and well-documented, and include both economic and operations advantages. the unanticipated side effects of data center consolidation and consider a proactive strategy for mitigating those risks prior to completion of the product.
Risk Factor 1: Information Risk
Data center consolidation represents an incredible concentration of information on an infrastructure that’s highly accessible. Remember that not all data is created equal, with some being much more sensitive than others. However, because the economics of the new data center are so compelling, there is now a much broader variety of data within it. research, financial information, and intranet content, and you have terabytes of growing and disparate information all residing within the same data center. The capacity of the new data, along with the continued, rapid growth of information, challenges its ability to be effectively controlled.
Risk Factor 2: Asset Risk
Which assets contain the sensitive information? Great question, especially when we mix in server virtualization and storage area networks (SANs). The benefits of the afore-mentioned technologies are great, but it remains a challenge for most organizations to identify assets which contain some of the critical information we highlighted in Risk Factor 1. This is a major compliance challenge, as identification of critical assets is just as important as identifying the data which they contain.
Which assets contain the sensitive information? Great question, especially when we mix in server virtualization and storage area networks (SANs). The benefits of the afore-mentioned technologies are great, but it remains a challenge for most organizations to identify assets which contain some of the critical information we highlighted in Risk Factor 1. This is a major compliance challenge, as identification of critical assets is just as important as identifying the data which they contain.
Risk Factor 3: Access Risk
Organizations often have a vast array of not only authentication techniques, but also of authorization methods. Depending on their information, different assets might require different access methods, which may in turn be incongruous with other technologies in place. To overcome access challenges, numerous technologies are thrown at the problem. These include but are not limited to router access controls, virtual LANs, firewalls, single sign on (SSO), intrusion detection, etc. Whether the information is distributed, concentrated, or virtualized, getting the policy in place for managing access remains a challenge.
Risk Factor 4: Audit Risk
Aggravating these challenges are the ever-increasing audit requirements.It doesn’t matter whether you’re a privately held entity not controlled by the Sarbanes-Oxley Act, or if you just have sensitive information, you’re going to have to prove that you have the requisite controls in place and that they’re working. Even within a consolidated data center, collecting information is difficult, especially since audit information may have to be correlated with other information outside the data center. Activating specific auditing functionality within point products might not only result in large log files and trigger a number of events, but may in fact impact operational and transactional performance as well.
Moving forward, it’s imperative for a broader array of stakeholders to be involved in the up-front efforts to tackle the risk factors. Though technology is evolving to address these issues, it does not preclude the need for cross-functional planning and a candid assessment of requirements.
No comments:
Post a Comment