Friday, October 17, 2008

Often overlooked IT shortfalls

No one can dispute that daily our society, our economy, and our daily lives become more dependent on information technology and communications networks. From the stand point of IT administration this means that their role becomes increasingly more important. I think however there are several key areas that are often overlooked that can have serious consequences.

First, off site data back-up. Most organizations are serious about backing-up and safeguarding important data. They spend a lot of energy, time, and money purchasing and setting-up back-up software and establishing policies and practices to ensure data is safely backed-up. However if the back-up media is stored right alongside the servers then an environmental disaster (fire, flood, theft, etc.) will claim not only your original data but the back-ups as well. To be stored in another physical location preferably in another region to provide true safety.

Secondly, no single point of failure. Every aspect of your network should have a redundant or a fall back system. This includes everything from having raid arrays on your drives, to an alternate Internet connection in case one fails, to having a secondary electrical power source if there is a power failure for critical systems. Not to mention there should be two of every server on your network. Web and mail servers, dns, dhcp, wins, domain controllers, and so on. If one goes down the other one needs to be able to step in and take over. This type of a system also makes most maintenance appear seamless to users since they rarely even notice if something goes off-line.

Third, disaster recovery plans are important. Have you planned for all of the contingencies that might occur? Have you actually tested your back-ups and redundant systems? Do you have procedures in place to deal with failures and or mishaps. This will help to reduce panic in a disaster situation as well as establish clear guidelines and procedures. Additionally it will help you analyze the types of threats and situations that may occur and may even lead you to some that you hadn't thought about.

Fourth, remote access. Now I realize their are some security concerns that go along with this as well but the fact is that IT admins are human and cannot always physically be on-site to deal with issues or outages. It is worth at least considering some type of remote access solution to allow admins to gain access and manipulate the network from any location. This may mean the difference in restoring service in minutes as opposed to days or weeks.

Lastly, network monitoring. Admins need to monitor security and event logs on all systems as well as implement network inventory and monitoring solutions. It is important that you remain aware in real time of the devices that are connected to your network and their health. Rouge, unauthorized, and malfunctioning devices can pose not only a very serious security threat but also a physical threat to your networks as well as your data.

Posted by:
Josh Nicholes

No comments: