Hosted by
How to Address Data Center Operations Challenges
Jon Oltsik
Principal, Hype-Free
June 4, 2003
How many industry analysts does it take to change a light bulb?
Answer: This may seem like a simple question but it has extensive ramifications. Therefore, answers are best handled on a firm-by-firm basis.
Industry Analyst Responses
IDC: 7 billion light bulbs worldwide, CAGR 4%
Meta: Define light bulb transformation business process
Forrester: The Holistic Internet Illumination Voyage (Giga will cover IT impact)
Gartner:
• “New nanotechnologies will make light bulbs obsolete by 2028 (0.8 Probability)”
Data Center Futures
Trust me. We understand your data center needs. We’ll take care of it. Just sign this PO!
Without question, the data center of the future will blah, blah, blah, blah, blah, blah, blah, blah, blah. . .
Data Center Management & Operations
Billy Gates, Manager, Data Center Operations
Scotty McNealy, Manager, Security Operations
Billy’s Challenges
People
• IT organized around technology not business
• In constant fire-fighting mode
Process
• Lack of defined policies
• Too many manual processes
Technology
• 37% annual device growth
• Too many point tools
Scotty’s Challenges
People
• Limited security group
• Limited security knowledge and training
Process
• Lack of enterprise security policies
• Limited security preparation
Technology
• Too many point tools
• No end-to-end security picture
Addressing The Issues
IT Governance
Organizational Model
Data Center Operations
Security
Common
IT Governance Definition
• A standard set of policies and procedures for all IT operations activities
Models
• IT Infrastructure Library (ITIL). Developed in the UK. Defines best practices in 24 IT disciplines.
• Control Objectives for Information and Related Technology (CobiT). Four domains: planning and organization, acquisition and implementation, delivery and support, and monitoring.
Caveats
• Phased approach
• Must be supported by Business Governance
Success Stories
Global adoption of ITIL, 1997
• Savings of over $500 million in first 4 years
• 6% to 8% cut in operating costs
• 15% to 20% reduction in technology staff
• “When IT processes are done by 5,000 people consistently across one company, service management can deliver tremendous savings.” Morton Cohen, Manager, Global Service Management
IT Organization
Issues:
• Hierarchy of services
• Staffing
• Accountability
• Compensation
• Communications
• Wells Fargo Bank
• Internet Banking
Improving Billy’s World
Rely on IT Governance to cope with scale
• Support with tools as necessary
Provide a solid baseline
• Service chain
• Set standards: Thresholds, data. . .
Build management into applications
Measure and communicate
Scotty’s World
[Figure: World-wide Attacks, 1995 to 2002. Axes: Malicious Code Infection Attempts* (0 to 900M) and Network Intrusion Attempts** (0 to 120,000). Labeled threats: Blended Threats (CodeRed, Nimda, Slammer); Denial of Service (Yahoo!, eBay); Mass Mailer Viruses (Love Letter/Melissa); Zombies; Polymorphic Viruses (Tequila).]
*Analysis by Symantec Security Response using data from Symantec, IDC & ICSA; 2002 estimated
**Source: CERT
SQL Slammer, 1/24/2003
• Affected over 200k servers
• Infected servers doubled every 8.5 seconds
• BOA, Continental Airlines, Microsoft, City of Seattle
• Over $1 billion in damages
Typical Response
Improving Scotty’s World
Source: Hype-Free Consulting
Security Technology
Security Operations
Staff decisions
Policy decisions
Business
(2a) Bottom-up security
Security Technology
Security Operations
Security Policy
Security Organization
Executive Management
(2b) Top-down security
Audit Trail
• Appoint CSO
• Reports to CEO
• Combine security groups
• Physical and Infosec
• Training
• Employees
• IT
• Communications
Improving Scotty’s World
Phased approach through facilitated workshops
• ITIL
• ITSM
• CobiT
IT Governance
Security Policies and Procedures
Industry-specific requirements
Company-specific requirements
World-class Security
Organization Direction
• ISO 17799
• CISSP CBK
• NIST 800-37
• GLBA
• HIPAA
Source: Hype-Free Consulting & Treadstone71
Improving Scotty’s World
Defense-in-depth
• Understand security service chain
• Review constantly
Designate a response plan and team
• IT & business team
• Design acceptable plan by service
Practice, practice, practice
Summary
Big issues with:
• IT Operations
• Security
Fix processes with strong IT governance
Fix organization to bridge the business and IT
Address technology issues last
Thank You
Jon Oltsik
Principal, [email protected]
Rock on, brother Geek!
Awesome job, Jonny O!