So many times, we hear companies say, “Our tools are just like Tripwire’s,” “We do configuration management just like Tripwire” and “We can push out policy just like Tripwire.”But as we say, this just ain’t necessarily so.You might be able to do configuration management using a “Tripwire-like” tool. You might configure it and use it set up a policy or a configuration of a system. This configuration needs to stay the way it is, and if it ever drifts from that, then the tool will alert the organization and help to reconfigure and fix it in a timely manner.All that’s true. What’s more, this flow can be very exciting, as people love the idea that they don’t have to stay on top of their configurations.However, there are two problems:How do you know that the particular setting that you’ve chosen for your configuration is appropriate for your organization’s security needs?Are all of your changes going to go through this tool? Do some environment changes take place outside of this tool? If so, how do you manage those? That second point is very important. If your tool isn’t accounting for all of your organization’s changes, then every single change enters into “break/fix mode.”What is break-fix mode?The term “break/fix” or “break’n fix” refers to the fee-for-service method of providing information technology (IT) services to businesses. It’s a reactionary paradigm through which an organization waits to fix something until it actually breaks.Using this method, an IT solutions provider performs services as needed and bills the customer only for the work that’s been done. This type of model can save organization ..
Support the originator by clicking the read the rest link below.
