Thu 3 Apr 2008
Separation of Duties and the Implications for Product Design
Posted by jtmcarthur under Product development, Security, Startups, Storage and Data Management, Technology, Virtualization
I spent an hour today with an Onaro customer and through the conversation learned a little bit about how different companies handle the separation of duties in IT processing. I met with the customer to better understand the critical decision criteria that were behind his choice of Onaro, what features were most valued and what alternatives were considered. Turns out, at the time of his decision several years ago, he didn’t see many alternatives. Onaro, which was an independent software supplier at the time, was recently acquired by NetApp, a storage systems company.
This customer originally licensed Onaro’s SANscreen offering to ensure that the company’s IT change-control process was being followed in the storage network. SANscreen maps the entire data path from the host bus adapter (HBA) in the server, through the cables and switches, ultimately to the storage array. Any time someone makes a change to the configuration of his Fibre Channel storage area network (FC-SAN), he gets a notification. If the change hasn’t been authorized through the change-control process, he investigates. As we were talking, he showed me several alerts that he had just received on his BlackBerry regarding changes that had not been authorized.
SANscreen also helps the customer plan better for changes. For example, if he needs to swap out a storage system or a switch, he can use SANscreen to determine which servers will be affected. He can then notify the server administrators of an upcoming outage, and they can plan accordingly. When he told me that, I added, “and the application owners, too, right?” To which he responded, “Oh, no. For security reasons, I’m not allowed to see which applications run on which servers.” That answer was a surprise to me, since when I recently asked a storage administrator at a major financial institution how his job was changing, he told me that he was now accountable not simply for storage system performance, but for application performance. Perhaps, however, his answer shouldn’t have been a surprise, since the company recently fell victim to a substantial security breach and had a heightened awareness of the need for separation of duties.
What all this means to management-application developers is that they need to be mindful of the fact that there are significant differences in how companies handle IT governance. While one company might give a single person control of application software, servers, networking, storage and data, others will separate those roles into isolated functions. A management-software solution that will serve the entire market has to be designed with sufficient flexibility to enable secure, customizable, role-based reporting, regardless of how the customers choose to organize. It also means that while many things are technically possible, such as running storage as an application in a virtualized server, separation-of-duties requirements may make them undesirable for some companies.
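To make the two ideas above concrete, here is an added illustration (my own code, not SANscreen’s) of how a management tool can flag data-path changes that lack an approved change ticket, and then render the same findings differently per role so that a storage administrator never sees the host-to-application mapping. All hosts, WWPNs, ticket numbers and application names are constructed sample data.

```python
"""Change-control drift detection for SAN data paths with role-filtered reporting.
Added example, not SANscreen code; every value below is constructed."""

# Constructed baseline: host -> data-path attributes as last approved.
BASELINE = {
    "db01":  {"hba": "wwpn:10:00:00:00:c9:aa:01", "switch": "fcsw1", "port": 3, "array": "arr-A"},
    "web01": {"hba": "wwpn:10:00:00:00:c9:aa:02", "switch": "fcsw1", "port": 7, "array": "arr-A"},
}
# Constructed current discovery: web01 moved to port 9 (approved below),
# db01 re-zoned to arr-B (no ticket), and a new host app02 appeared (no ticket).
CURRENT = {
    "db01":  {"hba": "wwpn:10:00:00:00:c9:aa:01", "switch": "fcsw1", "port": 3, "array": "arr-B"},
    "web01": {"hba": "wwpn:10:00:00:00:c9:aa:02", "switch": "fcsw1", "port": 9, "array": "arr-A"},
    "app02": {"hba": "wwpn:10:00:00:00:c9:aa:03", "switch": "fcsw2", "port": 1, "array": "arr-A"},
}
# Constructed approved tickets: (host, attribute, new value) -> ticket id.
APPROVED = {("web01", "port", 9): "CHG-1042"}
# Host -> application mapping, owned by another team; the storage role must not see it.
APP_OWNERS = {"db01": "payments-ledger", "web01": "customer-portal", "app02": "hr-intranet"}

# Each role sees only the fields its duties require.
ROLE_FIELDS = {
    "storage_admin": {"host", "attribute", "before", "after"},   # no application column
    "app_owner":     {"host", "application", "attribute"},       # no path internals
}

def diff_paths(baseline, current):
    """Return (host, attribute, before, after) for every differing attribute,
    including hosts that appear or disappear (treated as None on the missing side)."""
    changes = []
    for host in sorted(set(baseline) | set(current)):
        old, new = baseline.get(host, {}), current.get(host, {})
        for attr in sorted(set(old) | set(new)):
            if old.get(attr) != new.get(attr):
                changes.append((host, attr, old.get(attr), new.get(attr)))
    return changes

def unauthorized_changes(baseline, current, approved):
    """Keep only changes with no matching approved ticket: these are the alerts."""
    return [c for c in diff_paths(baseline, current) if (c[0], c[1], c[3]) not in approved]

def report(changes, role):
    """Project the alert rows onto the fields permitted for `role`."""
    if role not in ROLE_FIELDS:
        raise PermissionError(f"unknown role: {role}")
    rows = []
    for host, attr, before, after in changes:
        full = {"host": host, "attribute": attr, "before": before, "after": after,
                "application": APP_OWNERS.get(host, "unknown")}
        rows.append({k: v for k, v in full.items() if k in ROLE_FIELDS[role]})
    return rows
```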