"Doing more with less" is a marketing slogan that's been popular with Microsoft lately, but it does reflect what many IT managers are trying to accomplish. So how better to do that than by automating some of the mundane management tasks that cannot be avoided, said Alex Bakman, founder and CEO of Portsmouth, N.H.-based Ecora Software Corp., a patch and
configuration management software supplier. Prior to Ecora, Bakman founded CleverSoft Inc., a monitoring software company that was later acquired by El Segundo, Calif.-based Candle Corp. He has also worked in software development, consulting and in IT. In an interview, Bakman shared some thoughts on current IT management and security trends.
What's selling today?
Alex Bakman: The biggest projects are patching, server consolidation and compliance, [software] products that produce ROI. With patch management, everyone is trying to make sure Slammer doesn't get them. They are taking older servers and consolidating them into one new modern box, partitioning it three or four ways. I was with a customer the other day that had gone from 850 Windows servers down to about 500 servers.
Before Windows 2000, if you ran SQL [Server] and Exchange [Server] in the same box and there was any problem, it blue screened. That's how this sprawl [of servers] occurred. But Windows 2000 is more stable, so people are revisiting the idea [of having multiple applications on one server].
I've also seen a lot of business for [compliance] software. Public companies, IT directors, all of a sudden woke up and realized they needed configuration management, change management, reporting. They needed a good audit trail. The Sarbanes-Oxley deadline spurred many of them into action. And that comes down from the top -- [from] the CEO.
So big IT spending hasn't bounced back?
Bakman: I don't see the recovery in terms of numbers. Just about every IT director, at least the smart ones, are keeping up with the IT projects through tools. They are automating their staff. A well-run shop has good monitoring in place, change configuration management, software distribution -- though not as much -- and good backup.
I'm seeing shops with an incredible ratio of servers per administrator. One company had a five-person staff and 800 servers. On the other extreme, I've seen some shops with 10 servers per administrator. It's only a matter of time before someone in upper management will look at the IT bill and say, 'What's going on here?'
A recent study found that spending was up on software suites that encompass multiple security
tools. Your company sells point solutions. What are your thoughts about that trend?
Bakman: The one place where I see a legitimate gripe is in the case of intrusion detection. There are so many tools that send false positives. There is a whole class of tools that act as a consolidator of all the events so the IT guy doesn't get overwhelmed by false alarms.
A typical medium-sized organization is a best-of-breed shop and will continue to be. So much purchasing of IT will grow and be more departmental. I don't know how many vendors are doing multimillion dollar transactions. CEOs are not spending that kind of money. When there is a lot of departmental buying, it tends to be for point solutions. They say, 'We have a problem in patch management.' They'll research a bunch of products and pick one. A lot is project-driven and those are the projects that get approved.
Even with patch management, it would be really nice if you could patch all 60,000 machines. But then you find out that every department in the company wants to control all its own patching. When you look at the actual implementation and look at the whole thing politically, you find people want localized patching and centralized reporting.
What do you think are the biggest mistakes that IT managers make when developing a security
Bakman: In some organizations there is a lot of focus on firewalls and not much on internal security. It's great to have three layers of firewalls and DMZs, but all it takes is one bad apple inside of the corporation. You need security at each and every resource you are trying to protect.
So you must be a big fan of identity management technology.
Bakman: Absolutely. ID management and configuration management. If you are going to secure each and every resource, application, key database, it all comes down to access control. You'd be shocked. We just ran a configuration management test for a company and [found that] a consultant who had previously worked there, and had been gone for three months, still had full [system] access.
If you look at most security break-ins, how do [they] get hit? Two things: either the system was not patched, or it was a misconfiguration. Administrators' IDs were not managed properly or someone on the inside took advantage.
So do a good job with access control, take down the services you don't need, harden the system and do patch management. Then it won't matter what happens on the outside. On the inside you will be protected.
What are some of the new security technologies that impress you?
Bakman: What they call behavior-detection technology. The Cisco [Systems Inc.] Security Agent 'learns.' It sees something funny and disallows access. Behavior blocking is very promising. Other companies have it too -- McAfee, Norton (Symantec). The nice thing about the Cisco product is it's adaptive. You don't have to spend a lot of time defining policies.