Many administrators spend their time securing Windows at just the network level or just the applications level -- and never cross the line from one group to the other. Where does your domain lie and how do you keep Windows data secure even if the perimeter is compromised? We asked those questions of our ITKnowledge Exchange members. Here is one of the responses.
Network and applications groups disconnect makes for bad practices
Senior Network Systems Engineer
The network and applications are very different, looked at differently and managed by different people.
The disconnect between the groups is not completely separate, but there is no total IT group approach. Changes may be discussed, but they aren't often tested in time.
Our lead manager is more on the network side. He only focuses on securing the perimeter or the network and firewall level. Thanks to HIPAA and SOX requirements, we are just now getting some of the security needed at the server, data and application level.
We are not yet completely compliant as we still have to conduct product research and deploy the products we select. Over a year ago we asked for a log management and reporting tool – yet we still don't have anything.
As for our environment, we are mostly a Windows shop. We do have a few AIX hosts for a specific application and three VMware ESX servers. The hosts inside the ESX servers are all Windows. I am based at the corporate office, where I support approximately 80 servers and 450 workstations. Currently about half of our facilities manage and maintain their own systems.
Most of our protection is implemented through NTFS, working toward the whole needed services thing with the Microsoft operating system. There is no data protection plan in place and one may not even be on the minds of the management staff. Personally, I would guess it's not on their minds at all.
Will the disconnect between the network and applications groups ever improve? I sure hope so. It is a very bad practice. Projects take longer, it's easier to get frustrated with the user base, etc. Either management or a project person should be assigned to ensure that interested and essential parties are involved in a project. Several times I have worked on projects someone else was working on at the same time, which is a waste of time and effort for both parties. Thanks to poor communications, changes are not made as they should be.