A canary for your computer management mine
Summary: how do you know if your computer management operations are as good as they should be? There are plenty of options, but I have one that I want to advocate.
Does everyone know the mine in the canary story? The idea is that in mines one of the big hazzards is noxious gases of various sorts. Small birds are particularly susceptible to the bad gases, so if the small bird (canary) falls off its perch, then it's time to get out of the mine. Do you have a similar early warning system for computer management?
We hired a new senior operations manager recently (not surprising, since Microsoft, like many other companies, reorganizes about every 6 months or so). He was kind enough to listen to my 'hidden agendas', and so I was thinking about how I would articulate my perspective. I shared various points, but a key one was that he should ask about our security. Nothing complicated - just simple questions: where's the latest security report? who has access to what? who are those people? Who is responsible for security reviews? What is their opinion of the latest security options? Stuff like that.
We have answers to those questions, and I won't go into those here. They're not entirely bad answers, but are they as good as they should be? More to the point, how readily are the questions answered? My suggestion is that if your organization is well run then the answers to those questions will be very 'matter of fact'. Of course the reports are at URL X. Of course we know who those people are. Should security be tighter? - to me that's the next level of security review.
Similar questions could be asked of similar operational issues - monitoring, SLA reprorting, operational reports, backup/recovery readiness, etc.But security is less immediate - everyone cares about it above all else when something goes wrong, but most of the time securty is not an issue. So it's easy to push it off to tomorrow. That's OK if it's litterally tomorrow, but if you find that a year later tomorrow is still imminent then you have to ask whether your operations are as good as they should be.
So if your latest list of who has access to what in your computer manangement system is 6 months old, then maybe your canary is dead.
BTW - for the hackers amongst my innumerable readers (yeah, right), I don't want to encourage you - Microsoft IT is very thorough about perimeter security, operating system level security, patching, SQL Server level security, etc. So it's not as if the SMS servers are a playground for hackers. But that doesn't mean we don't need improvements.
p.s. While we're chatting, I'll mention that I upgraded my nearly 3 year old Media Center Vista machine to Vista Ultimate today. In those 3 years I upgraded the video card and memory a bit but basically it's what it was back then. Much to my surprise (as an old techie) this upgrade went VERY smoothly. I expected to be struggling with device driver issues, etc. but much to my pleasant surprise (despite working at Microsoft), it is performing wonderfully tonight. So I've got Vista coolness and security at minimal effort. I know that's the way it's supposed to be, but I've done enough upgrades over the years that I know that upgrading older machines with lots of apps is asking for problems. Of course YMMV. And I'm not hear to sell you Vista. But I find it's the negative stories that most often get reported, so when I have a positive one I think it's fair to share it.