Continuous Monitoring: It isn’t just about security

October 26, 2010

As part of Harris’ Cyber Integrated Solutions efforts to deliver a trusted hosting and cloud environment to our clients, we need to highlight the importance of continuous monitoring in delivering explicit trust. Explicit trust comprises not only security but also risk mitigation and reliability.

Security is a vital component, but we must shift to a broader definition of “cyber”, and to the full breadth and value of explicit trust. In setting aside our long-standing and industry-reinforced message that it is all about security – we can. We must begin to get comfortable in expanding our cyber definitions to ensure that security is understood as only one dimension. In the most efficient, secure and cost-efficient IT operations, security issues represent only a small percentage of the total incidents that impact the availability of their systems. Mitigating risks and ensuring the reliability of the IT environment are predicated on continuous monitoring.

Risk Detection = Risk Mitigation

At the heart of understanding risk is understanding change. Any time a system changes from a known good state, the opportunity for risk is incurred. Detecting and understanding those changes are key to weighing the risk associated with a given change, and to taking appropriate actions. Precision change detection is, therefore, the foundation of IT risk mitigation.

Continuous monitoring is the time dimension of comprehensive Trust Management. Continual checking to determine whether a data object or setting is “in scope” is crucial to closing the risk detection and mitigation gap.

The other major dimension is understanding the “as-built, supply-chain-anchored”, full multidimensional state of the IT device. That is, it’s not simply good enough to say that something changed. It is also important to be able to identify what changed with enough granularity, fidelity, and provenance that decision makers can determine the appropriate risk profile for the change, including policy actions.

Regardless of whether it is a physical or virtual server, a router or a workstation, if it runs code then the state can be captured and continuously monitored.

By continually observing multidimensional change with very high resolution methods, we enable early and proactive change detection, and that detection allows us to trigger important policies that impact the compliance, availability, readiness and security of all the devices within an IT environment.
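The known-good-state comparison described in this section, as an added example (not Harris code): it treats a file tree's SHA-256 digests and permission bits as the captured state and reports what kind of change occurred on each path. The names `capture_state`, `diff_state` and `demo`, and the sample files, are constructed for illustration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

def capture_state(root):
    """Return {relative_path: (sha256_hex, permission_bits)} for regular files under root."""
    state = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and not path.is_symlink():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            mode = stat.S_IMODE(path.stat().st_mode)
            state[str(path.relative_to(root))] = (digest, mode)
    return state

def diff_state(baseline, current):
    """Classify every difference so a policy can weigh it, not just see 'something changed'."""
    findings = []
    for path in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings.append(("added", path))
        elif new is None:
            findings.append(("removed", path))
        else:
            if old[0] != new[0]:
                findings.append(("content_changed", path))
            if old[1] != new[1]:
                findings.append(("mode_changed", path))
    return findings

def demo():
    """Constructed sample tree: capture a baseline, make four changes, report the drift."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, body in [("app.conf", "port=443\n"), ("run.sh", "#!/bin/sh\n"), ("old.log", "x\n")]:
            (root / name).write_text(body)
        (root / "run.sh").chmod(0o750)
        baseline = capture_state(root)               # the known good state
        (root / "app.conf").write_text("port=8080\n")  # setting altered
        (root / "run.sh").chmod(0o777)                 # permissions loosened
        (root / "old.log").unlink()                    # file removed
        (root / "new.bin").write_text("unexpected\n")  # file added
        return diff_state(baseline, capture_state(root))

if __name__ == "__main__":
    for kind, path in demo():
        print(f"{kind:16} {path}")
```

Running `diff_state` on a schedule against a stored baseline gives the time dimension; the per-path change type is what lets a policy treat a loosened permission differently from a rotated log file.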

Reliability and Availability

Have you ever sat waiting for the mechanics on a plane to change that broken part that is causing a light to go on in the cockpit? The detection performed by the aircraft sensor (in continuous monitor mode) is accompanied by a flashing light (indicator) and the policy is that the plane does not fly until the issue is resolved. While we sit impatiently, we are quietly thankful that they found and fixed that thing while we were on the ground.

And availability (those famous “nines”), closely related to reliability, is a direct function of detecting and remediating change. Note that A (Availability) of a device or Service process is defined as follows, where MTBF is the Mean Time Between Failures and MTTR is the Mean Time To Repair:

A = MTBF / (MTBF+MTTR)

With precise change detection within a continuous monitoring loop, and with specific policy actions in place, MTBF can be maximized. Simultaneously, MTTR can be compressed because the change detection provides a precise indication of what changed so that it can be repaired quickly. By mitigating risk caused by all changes (not just security risk) on all devices in the business process, we can deliver more nines for the entire business process – whatever it happens to be (flying an airplane, or delivering IT services).

Harris CIS must get comfortable with this “more than security” thinking, as history is in the process of showing us (again) that the bulk of our challenge in delivering trust with our business service processes is the holistic delivery of repeated, reliable “high nines” uptime and availability across all components of business service delivery.

Changing the Game: Continuous Monitoring

As we move forward and extend explicit trust to our clients we must advocate the importance of continuous monitoring. Enhanced security, reliability and risk mitigation rely on continuous monitoring. Harris’ Cyber Integrated Solutions is poised to take a leadership position in our industry by continuously monitoring client environments with the most advanced trusted content and methods available.
