www.novell.com
Business White Paper
IT MANAGEMENT SOFTWARE
Choosing Integration
Addressing Governance, Risk and Compliance
4622070.app 7/24/08 11:32 AM Page 2
Simplifying Management Across the Enterprise
Your organization has a dizzying number of platforms, directories, systems and applications—all requiring your attention and administration. You know you need to manage this complex infrastructure correctly, or your diverse resources will cease to be assets, and instead become a serious drain on administrative time and budget. And even worse, if the management program you deploy isn’t comprehensive, unsecured devices can expose your systems to significant security issues.

So how can you integrate and automate fragmented management tasks while addressing a full range of governance, risk and compliance (GRC) issues? You can choose the security and system management solution from Novell®. It’s a solution that helps you secure and manage your enterprise from the desktop to the data center—and you benefit almost immediately as you lower costs, reduce complexity and mitigate risk.

In theory, the formula for achieving these benefits is straightforward:

Integration + Policy-driven Automation = Simplicity

In reality, such a formula can be difficult to deploy—and this is where Novell can help. We implement the formula through a common, enterprise policy store that ensures uniform execution and consistency. Then, we provide a set of policy-driven components to automate routine security and resource management issues.† These components are completely integrated, working together to address the management challenges your IT department faces. It’s a solution that allows you to spend your time and resources on what really matters—growing your business.

† These components are listed at the end of this paper.

Choosing Integration

Many IT administrators see security and systems management as separate functions. This is because, in the past, systems management has included tasks such as physical device inventory tracking, device configuration and provisioning, software license monitoring, patch installation and upgrade deployment; whereas, security management has included identity access management and the ability to prevent threats, intrusion and malware.

Most IT departments still reflect this division. One group is concerned with system management questions such as, “How do I deliver application X to device Y?” and a separate group is concerned with security management questions like, “Which users of device Y should be granted access to application X?”

This two-group approach doesn’t reflect the dependencies that exist between security and systems management. The following diagram shows the intricacy of these dependencies:
Figure 1. Historically, system management and security have been viewed as separate functions, but as this
diagram shows, there are numerous dependencies—a strong argument for the superiority of an integrated approach.

Failing to address these dependencies can lead to situations where both the security and systems management teams are doing their jobs, but many problems are not addressed because the groups don’t work together effectively. For example, an intrusion detection tool operated by the security management group notes anomalous activity at a user endpoint, indicating a potential security breach. The security team is completely unaware, however, that the systems management group already has an upgrade available to prevent the breach. The systems management group, in turn, has the upgrade, but is delaying its deployment in favor of other tasks because they are unaware of the potential breach. In an integrated system, the upgrade would be deployed automatically in response to the security warning, keeping both teams productive and protecting the system at the same time.

Another example of the efficiency of an integrated system is a security monitoring system detecting a user, without clearance, attempting to access sensitive data. In this case, business policy would be automatically enforced to modify the user’s access pending an internal review.

Addressing Governance, Risk and Compliance

Identity and system management from Novell provides a comprehensive solution for addressing governance, risk and compliance (GRC):

Management, the rights-distribution process can be automated (with the option for semi-automated or manual workflows). This eliminates an enormous amount of tedious and error-prone manual labor. And when security management and systems management are integrated, workflows can provide the appropriate machine images and capabilities to users’ desktops, laptops or mobile devices. An integrated system also provides their access rights, which eliminates even more work. The end result is enhanced IT efficiency and a better experience for your end users.

To further simplify administrative processes and reduce the governance burden, an inheritance feature is available to automatically grant a specific set of resources and rights to all the employees in a particular supervisor’s work group or business unit.

Reduce Costs

Eliminating manual tasks translates directly into cost savings for IT organizations by reducing the number of hours required to equip users with the correct machines and the appropriate access rights.

Improved visibility into asset usage, specifically the usage of software licenses, can also save your business money. Armed with reports that integrate licensing, installation and usage data in one place—and with detailed information about desktops, servers and other network assets enterprisewide—IT managers can precisely tailor licenses to real needs, avoiding unnecessary fees for software that isn’t used.

Costs associated with password management can also be reduced via Identity-driven Security and Resource Management. Through a combination of single sign-on (which reduces the likelihood that users will forget their password) and self service (which allows users to reset their own passwords), helpdesk calls associated with password resets can be reduced anywhere from 30 to 90 percent.

Risk

Today’s organizations don’t want to assume unnecessary risk. That’s why many of them are turning to Identity-driven Security and Resource Management.

Improve Risk Management

Security is a huge component of risk management for IT organizations, with sensitive data protection and disruptive exploit prevention topping the list of challenges. But Identity-driven Security and Resource Management ensures a fully coordinated response to all types of security-related exploits.

To protect sensitive data, Identity-driven Security and Resource Management automatically ensures that access to sensitive data, applications and other computing resources is granted only to authorized individuals.

It can also help you improve risk management through integrated security and event monitoring. It aggregates and correlates the masses of security-related data that are continuously generated by network devices, displays an integrated real-time view of network status and triggers automated responses by other system components such as deprovisioning an account or upgrading software.

Finally, Identity-based system management eliminates security loopholes. It can retire unused software and hardware resources, and protect your system’s many endpoints. Endpoint security management protects data through whole-disk encryption for laptops and prevents users from transferring sensitive data to USB or Bluetooth-based memory devices.

Active dashboards that show compliance and risk status
Focus on policy violations and anomalies, not all data
Reports for both business and IT managers
Integration of siloed data to enable understanding of true system status

Endpoint Security Management

You can now protect your systems’ most vulnerable areas—the endpoints. Endpoint security management provides integrated security at the endpoint for USB, wireless, data and application control. Key capabilities in the Endpoint Security Management category include:

Ability to prevent unauthorized USB devices
Data encryption on endpoints to protect against theft
Location awareness for wireless security
Policy-based management for security policies

Orchestrate

Data Center Automation

When you automate the provisioning of data center resources, you can better meet the constantly changing needs of your business. Key capabilities in the Data Center Automation category include:

Ability to adapt to workload requirements, hardware health and business policies
Integrated management of physical and virtual machines

Planning Your Deployment: Best Practices and Project Milestones

To simplify deployment, your IT department needs definitive goals. With the following best practices and suggested milestones, you can begin to implement Identity-driven Security and Resource Management and transform your vision of an integrated, efficient enterprise into a reality.

Align IT to Business
❑ Adopt a process model to govern the project, such as ITIL or Cobit.
❑ Obtain executive sponsorship.
❑ Involve IT executives in business discussions.

Evaluation and Design
❑ Determine if pre-existing conditions need to be addressed before the project launches.
❑ Develop a solution roadmap of what the enterprise will look like after the project is completed.
❑ Include line-of-business units (such as HR or accounting) that own applications in the request for proposal (RFP) creation.
❑ Define the business processes to be automated.
❑ Map your existing enterprise data model.

Proof of Concept
❑ Focus on access to legacy or siloed applications.
❑ Identify vendor customization requirements.
❑ Consider paying for a more detailed proof of concept (POC) proposal—with the price credited toward the final purchase.
❑ Define success factors based on business requirements, not technical minutiae.

Production Preparation, Pilot and Rollout
❑ Set realistic organizational timeline expectations.
❑ Make sure the solution you choose can support roll-back.
❑ Create a centralized identity vault.
❑ Find project champions within user groups and train them first.

Installation Sequence
❑ Install software.
❑ Set up connected systems.
❑ Activate the software.
❑ Configure password management.
❑ Configure entitlements.
❑ Automate documentation production.

Additional Comments
❑ Identity and access management projects will succeed if taken in stages.
❑ Not all technologies may be initially required; most are ultimately used, with very little shelfware.
❑ Avoid solutions that disrupt existing systems during deployment.
❑ Align early-stage deliverables with primary business drivers to achieve quick-win

through Integration and Automation

Governance, risk and compliance are major challenges for today’s IT organizations. The Novell approach to this challenge, Identity-driven Security and Resource Management, provides an integrated, automated, policy-driven solution. In addition to specifically addressing GRC issues, the Novell solution can reduce costs, support business goals, enhance user productivity and promote consistency across your entire enterprise.

Novell ZENworks Configuration Management: Provides policy-driven automation for software setup, updates, healing and migration
Novell Identity Manager: Translates business policies into IT controls and compliance mandates across all connected systems
Novell Access Manager™: Secures corporate Web resources while providing for a consistent policy-based authentication and access experience
Novell Sentinel™: Integrates identity-managed systems with other IT resources to ensure business policy is followed
Novell ZENworks Orchestrator: Automates provisioning of physical and virtual data center resources to meet changing needs

Learn more about how Novell can help you secure and manage your enterprise at: www.novell.com/innovationline

Novell, Inc.
404 Wyman Street
Waltham, MA 02451 USA
1 801 861 8473 Facsimile
www.novell.com
462-002070-002 | 07/08 | © 2008 Novell, Inc. All rights reserved. Novell, the Novell logo, the N logo and ZENworks are registered
trademarks, and Novell Access Manager and Sentinel are trademarks of Novell, Inc. in the United States and other countries.