Cloud-based security and systems management (CSSM) applications have been going through my lab for testing lately and I find myself seriously weighing their use in production. Anyone who regularly reads my column knows that I am not exactly the biggest fan of the cloud, but the quality of the CSSM applications I have …
In a word
The problem is not cloud/no cloud but one of discipline and foresight
Your comment about the decision of doing something by hand vs. using a tool to automate it rang a bell in my head.
I've seen it too many times to count: the "small change" goes undocumented and is done in a few places, then basically forgotten about. Or worse, it ends up done in thousands of places but still nobody bothers to document or script it. In a few years, you'll have accumulated a couple of dozen of these, and the end result will be that building something requires... 24 manual changes and you won't be very sure which have to be applied where.
What the cloud triggers is the realization that continuing this way in the long term is expensive and unsustainable. Only in the cloud do you see the $$$ value pretty clearly when you're forced to keep multiple images around, juggle them and pay for them.
If you adopt the discipline instead, you'll be able to manage things much more easily and cheaply, cloud or no cloud. Of course, it requires a level of foresight that is not usually what business managers are up to. Just get it done now as quickly and cheaply as possible, we'll worry about the consequences later...
Especially when using software from a vendor who insists they know about security and controllability better than you do and specialises in insecure point 'n drool setups..
Only for those who don't know what they are doing.
What I got from the article is:
A) If you are a very large company, it is worth investing the time in tools.
B) If you are a medium-sized company, it is difficult to know whether the tool saves any time or money.
C) If you are a small company and don't know what you are doing, the cloud tools can make it seem easy, and allow you to do the mundane tasks yourself.
I can't see the cloud-based ones taking the industry by storm. Generally because if you like the cloud, you would have put all your stuff there already.
I'm currently working on getting CA's horrible management suite working in an on-premises environment, so I can definitely relate.
All of these systems management tools (SCCM, Altiris, CA IT Client Manager, Tivoli, etc etc etc) are a huge amount of work to get working for most environments. The other problem is that some of them are designed as consultantware -- 60% of the functionality works out of the box. When you go try to set up the other 40%, it's either so poorly documented or has layers of complexity that just aren't worth figuring out on your own, that you need to call the vendor in.
The only two products I've seen that you can get to about 90% functionality without severe teeth-pulling are System Center and Altiris. This is mainly because they generate human-readable log files and the vendors publish OK documentation. The CA tool I'm currently working with is...interesting. Remember Unicenter from the 90s? That product is still there in the core of it all, complete with a fully proprietary communications protocol that only CA seems to know how to debug. Like I said, most of it works, but trying to figure out some of the stranger bits is an absolute pain in the butt (and wallet, if you have to go the consulting route.) Bottom line is that systems management tools are all complex. Some of the newer entries might have less legacy crap gumming up the works, but it's actually a lot of work getting a tool to distribute software, pull inventory, etc. reliably across platforms.
If you're not a fan
then you should install this plugin if you haven't already, makes reading about cloud enjoyable.
To quote the last paragraph of your article
"The value of the service trumps the risks – real and imagined – of it being in my butt."
Chrome (I use Firefox):
(I have used that for the past 8-9 months now, I wish I could add other words easily to be replaced but haven't figured out how)