Can security best practices and business-as-usual IT operations co-exist?
Change control gets in the way of operating IT for our business: Can security best practices and business-as-usual IT operations co-exist?
Nearly all organizations, regardless of size, struggle to some extent with configuration management and change control. The need to review changes before making them, and to formulate impact analyses, testing procedures and contingency plans, all serves to slow things down. No wonder so many IT professionals acknowledge the potential benefits of change control while outlining reasons why it just doesn't work for them.
Formal IT operational frameworks such as COBIT and ITIL strongly advocate the need for change control, but it can easily become an overwhelmingly bureaucratic straitjacket that impairs the organization's ability to use IT as an agile, on-demand support service.
At least it used to be like that, but not any more.
Closed-Loop Intelligent Change Control ensures that change control is made to work for you. By wrapping around your existing processes and using intelligent and highly automated technology, change control benefits can be delivered without the red-tape and stifling resource requirements.
Closed-Loop means that the changes made are visible and are reconciled automatically with your RFC (Request For Change), incident management and service desk systems. This closed-loop approach works either for pre-planned RFCs recorded in advance of changes being made, or retrospectively after changes have been implemented. The system simply fits your way of working.
Intelligent Change Control means that changes are detected as they are made and reviewed automatically. If the change matches any pre-defined Planned Change patterns then it can be reconciled automatically with the relevant RFC details, even for estates with thousands of devices and even more changes happening.
If an unplanned change is recorded, it is highlighted for review. Because all the known, expected and pre-approved changes are taken care of automatically, more time is freed up to investigate changes that may be security incidents.
And, when a change has been investigated and identified as OK (maybe it was an emergency change that hadn't been assigned to an RFC), it can be reconciled with an approved Planned Change record and also promoted to the Approved Baseline. This way, other occurrences of the same change will now be classified as 'known good', meaning that any similar past changes or future instances can be instantly assigned a Planned Change status.
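The reconciliation loop described above, sketched as an added example; it is not the vendor's code. It assumes a detected change is a (host, path, content digest) record, that a Planned Change pattern is a pair of globs tied to an RFC, and that "the same change" means the same path and resulting digest on any host. All class names, RFC numbers and events are constructed.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional

@dataclass(frozen=True)
class Change:                 # one detected change event
    host: str
    path: str
    digest: str               # hash of the file after the change

@dataclass(frozen=True)
class PlannedChange:          # pattern recorded with an RFC
    rfc: str
    host_glob: str
    path_glob: str
    digest: Optional[str] = None   # None accepts any resulting content

    def matches(self, c: Change) -> bool:
        return (fnmatchcase(c.host, self.host_glob)
                and fnmatchcase(c.path, self.path_glob)
                and self.digest in (None, c.digest))

class Reconciler:
    def __init__(self, planned):
        self.planned = list(planned)
        self.baseline = {}    # (path, digest) -> RFC that approved it
        self.status = {}      # Change -> RFC, or None when unplanned

    def ingest(self, c: Change) -> Optional[str]:
        # Known-good baseline first, then Planned Change patterns.
        rfc = self.baseline.get((c.path, c.digest))
        if rfc is None:
            rfc = next((p.rfc for p in self.planned if p.matches(c)), None)
        self.status[c] = rfc
        return rfc

    def unplanned(self):
        return [c for c, rfc in self.status.items() if rfc is None]

    def approve(self, c: Change, rfc: str) -> None:
        # Reviewer cleared the change: promote it to the baseline and
        # retrospectively reconcile identical past events.
        self.baseline[(c.path, c.digest)] = rfc
        for past in self.unplanned():
            if (past.path, past.digest) == (c.path, c.digest):
                self.status[past] = rfc

# Constructed sample data; digests are shortened placeholders.
PLANNED = [PlannedChange("RFC-1001", "web*", "/etc/nginx/*")]
EVENTS = [Change("web01", "/etc/nginx/nginx.conf", "aa11"),
          Change("web02", "/etc/nginx/nginx.conf", "aa11"),
          Change("db01", "/etc/ssh/sshd_config", "bb22"),
          Change("db02", "/etc/ssh/sshd_config", "bb22"),
          Change("db01", "/usr/bin/sudo", "cc33")]
```

After the events are ingested, only the `sshd_config` and `sudo` changes remain in the review queue; approving one `sshd_config` event clears its twin on `db02` and any later identical change, while the `sudo` change stays flagged.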