With Cloud, hybrid and virtual IT infrastructures, companies gain flexibility and reduce their costs. But with the new techniques the IT risks, and licensing rights violations are also rising. This makes it all the more important that IT has all systems under control and keeps reliable and licensed status up-to-date. This can only be achieved with dynamic and intelligent asset management.
It takes an average of 200 days for a cyberattack to be noticed. Until it is “fixed,” another 80. That makes nine months in which hackers can do a lot of damage. The “most popular” attack points include outdated patch and release statuses, or even canceled software. In addition to the worsening security situation, the use of Cloud infrastructures not only increase IT risks but also compliance risks. For the operation of private Clouds, virtual systems form the technical basis – and their correct licensing must be taken into account.
Inventory to identify IT risks
The only way to get a grip on this is through routine, automated inventory. The IT department needs a complete overview of all assets used in the company– for both security and license management– because you can only protect what you know. The inventory methods should be included in the Identification mechanisms of the asset management solution used because many inventory tools only use scripting techniques. While they are very flexible, they carry high risks when the encryption or the signing of the scripts are missing.
It is also important to check which devices can access terminal and Citrix servers versus which devices source an IP address from the DHCP server infrastructure. By matching the inventory results against the authorized inventory, it identifies “shadow IT” and BYOD. This hardware can now be checked directly while being included in the asset management database or it can be immediately removed from the network. However, to arm yourself against cyberattacks, this is not enough. In addition to the differences in hardware, discrepancies between what has been inventoried and the authorized software inventory must be addressed as soon as possible. In addition, IT must be up-to-date on patch/release statuses and canceled versions on a daily basis.
Visualize IT risks and vulnerabilities
Potential vulnerabilities, such as outdated applications, should therefore be visualized and flagged clearly in the dashboard. This is achieved by comparing it to a software catalog that receives the latest updates from the Cloud daily. This makes it easy to detect the software from several thousand manufacturers as well as current patch statuses. Depending on the solution used, it is also possible to provide ready-made patches, updates and applications in the LAN or via the Cloud for instant distribution – from freeware such as the PDF reader and browsers to the industry-specific applications with managed service offerings.
Workflow-based Software Distribution to prevent IT risks
Ideally, distribution then happens directly and automatically. In order to enable live communication between central and decentralized distribution points and devices, the provision of software should be made via web sockets such as HTTP (S), FTP (S), WEBDAV (SSL) and SMB. Then mobile devices –In the sense of a Unified Endpoint Management– are comfortably supplied with new applications and security-related updates.
In complex networks, in addition to local software installation, it is important to operate the virtual provision of software via application streaming, desktop virtualization, application virtualization or private Cloud solutions. This requires software management that enables the flexible configuration of software distributors. This includes determining certain functions such as assigning upload and download rights, and assigning bandwidth, as well as information on when and from what source data should be obtained.
The distribution is ideally carried out based on workflow policy. In doing so, it best uses organizational units and security groups from the Active Directory, as well as attributes and the technical organizational information from the asset management database. Also, inspections for existing licenses must not be missed.
This flexibility also benefits the deployment of the operating system. This means that, for example, the distribution of Software packages can be integrated directly into the rollout of the OS.
It also includes security features such as enabling BitLocker to encrypt a hard drive or installation via UEFI Secure Boot. This is because UEFI protects devices significantly better against rootkit attacks than it does via the BIOS. This is because an inspection takes place at startup to see if the installed drivers are allowed to run on the device at all and whether or not they have a valid certificate.
In addition to cybersecurity, the operation of a private Cloud bares the other side of things– the risk of faulty licensing. Companies rely on virtualization technology to take advantage of all the advantages of the private Cloud. But rash deployment of virtual machines and other related server applications can become a risk in terms of the license audit because these systems are subject to different metrics and rules in the virtual environment.
An intelligent asset management solution therefore maps all common server licensing metrics from various vendors, including CPU and access licenses for both virtual environments and hosts. It inventories virtualization technology such as VMware ESX, Citrix Hypervisor or Microsoft Hyper-V, as well as the operating systems and applications installed on it. In addition, it reads the underlying hardware nodes, including all details such as its RAM or CPU. On this basis, the license requirement for the virtualized software can then be automatically calculated and thus the license compliance can be maintained.
License compliance and security as a result
With automated inventory and software distribution, companies are well on their way to an optimized IT enterprise in terms of security and license rights. Hardware and software reliably detects inventory. Test routines in software distribution also prevents accidental under-licensing. Ideally, this forms a holistic approach to provide discovery and automation while also ensuring security and compliance. The effort is really worth it, because then it is possible to operate Cloud, hybrid and virtual IT infrastructures efficiently, safely while optimizing costs.