Intelligent Infrastructure Management supports Good Governance
Reliable Intelligent Infrastructure Management (IIM) tools provide the audit trails for compliance with good governance commitments
A host of regulatory measures has descended on businesses across the world in recent years, many of which have been enacted by governments to encourage sound business practices or “good governance”. In the USA the Sarbanes-Oxley Act of 2002 was introduced to regain public trust in accounting and reporting practices following a series of corporate accounting scandals. The Act includes reference to the IT systems that manage and report financial data. These are used to initiate, authorize, process and report on financial data and are a vital links to the management reporting process. They are therefore subject to assessment for compliance with the Sarbanes-Oxley Act.
The same principles apply to the best practice frameworks provided by the Information Technology Infrastructure Library (ITIL) in the UK, Basel II in Europe and the ISO 27001 information security management system standard published in October 2005. All of these have information security as their primary objective. Security values relate to data integrity, verifiability, confidentiality, privacy, anonymity and availability, and reliable audit trails are required to provide evidence of compliance to good governance.
In a recent article in Financial Solutions International, Rob Cardigan of Nexans Cabling Solutions highlighted the value of reliable IIM tools to provide the audit trails for compliance with good governance.
IIM is designed to provide change orders to plan, enact and review the physical movement of user devices and related services around a site for completeness and correctness. The hardware element of the IIM solution provides feedback to control the work order. It ensures that the right service is supplied to the right device. This is becoming increasingly important in converged environments where complex networks are highly sensitive to incorrect connections or disconnections.
Cardigan believes that European infrastructure standards are likely to call for automated connection management and service provisioning in networks of over 1000 floor served points, an area that is no longer considered a mega network.
The ability of IIM to track events relating to changes in the network infrastructure in real time is a further benefit: A discovery engine allows the system to detect foreign IP devices and to track its physical position by correlating the IP and physical infrastructure information. It automatically plots all user devices and intelligent building components like access controls or card swipe points on a floor plan. A detailed log registers all such events, providing an audit trail which details where and when an event took place. This can be further enhanced by adding a software link to a CCTV system to provide information on who was involved in the event.
The system can interrogate user devices to recall selected information, e.g. a list of installed software or the status of operating system updates that help protect the network against security vulnerabilities.
The IIM system updates its database in real time, ensuring a continuously updated record of assets attached to a network. Any unexpected event can trigger an alert and communicate the event to the communications room or to an authorised official. It can even be programmed to disable a switch port for an unauthorised device or to provide evidence of the perpetrator.
A printed report of the assets on a network can be drawn at any time to serve as a significant time-saving tool for a real time physical audit when this is required to provide evidence of the control of assets.
Cardigan estimates that 70% of network downtime is related to the incorrect disconnection of physical infrastructure. Through its planning tools IIM reduces the risk of this happening, whilst its detection tools enable rapid corrective action if it does.
In data centre environments IIM also monitors temperature and power control and integrates with rack management systems to improve physical security.
Implementing IIM costs less than 2% of the total cost of an IT system. Considering the added value in terms of improved change management, reduced diagnosis time, improved service levels and its value in monitoring and controlling compliance, it offers an excellent and quick return on investment.