More and more new technology is released into working environments each day, whether through intentional installations of servers and software or unintentional releases of viruses and malware. Given everything that can occur, vigilance over what is going on is more important than ever.
Historically, keeping watch has been an extremely important duty. Sentries would be placed at key locations at all hours to look for invaders, storms, fires, and friends approaching a castle. Depending on what the sentry saw, he would alert different groups of people to respond appropriately to the threat or the opportunity that was presented.
Success in these situations means cutting response times (and downtime) and improving customer satisfaction. It also helps to cut costs, as preventing major problems and attacks is almost always better than repairing the aftermath of the issue.
Today, the analogy to IT is quite similar, but the methods have changed. You can’t use a person to track all the events on a network: there are too many systems and too many transactions per second for this to be viable. Instead, we need to take a risk-based approach by putting sentries on watch at the most important areas. If we don’t, then the risk of invaders, fire, or other catastrophe increases, as does the risk that we won’t discover the problem until it is far too late.
Step 1: Identify everything you want to monitor. Areas to consider will be specific to your business but may include: firewall and network attacks, changes to systems, changes to logical access/user access, bandwidth usage, hard drive usage, server utilization, backup tape usage, database utilization, printer usage, and/or login times.
Step 2: Identify the areas of your network that you are able to monitor. If you can track attacks on your network, that is something worth noting. If your current system cannot track attacks on your network, that is also worth noting.
Step 3: Compare the list of things you want to monitor to the things you can monitor. You now have to decide what you will be monitoring in the short term (items you want to monitor and can monitor) and make decisions about items you want to monitor in the future (those you want to monitor but cannot monitor now). Further decisions must be made on how you will monitor these items (the criteria). Monitoring hard drive space is a good idea, but how often will you check it, and what is the threshold for concern? 90% usage? 91%?
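The three steps above can be sketched in code. This is an added example, not part of the original article: it splits the wish list into what can be monitored now and what must wait, then applies the criteria to readings and flags threshold breaches, checks that have stopped reporting, and monitored items with no criteria yet. The item names and the 90% threshold come from the text; the other thresholds, intervals and readings are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Criterion:
    threshold_pct: float  # alert at or above this utilisation
    interval_s: int       # how often the check is expected to report

def build_plan(wanted, available):
    """Step 3: split the wish list into 'monitor now' and 'monitor in the future'."""
    now = [w for w in wanted if w in available]
    later = [w for w in wanted if w not in available]
    return now, later

def evaluate(monitor_now, criteria, readings, now_ts):
    """Return (item, problem) findings for every item currently monitored."""
    findings = []
    for item in monitor_now:
        crit = criteria.get(item)
        if crit is None:  # monitored, but nobody decided what counts as a problem
            findings.append((item, "no criteria defined"))
            continue
        reading = readings.get(item)  # (timestamp, percent) or None
        if reading is None or now_ts - reading[0] > crit.interval_s:
            findings.append((item, "stale or missing reading"))  # the sentry is silent
            continue
        if reading[1] >= crit.threshold_pct:
            findings.append(
                (item, f"{reading[1]:.0f}% >= {crit.threshold_pct:.0f}% threshold"))
    return findings

# Constructed sample data (illustrative assumptions, not from the article)
WANTED = ["hard drive usage", "server utilization",
          "bandwidth usage", "firewall and network attacks"]
AVAILABLE = {"hard drive usage", "server utilization", "bandwidth usage"}
CRITERIA = {
    "hard drive usage": Criterion(threshold_pct=90, interval_s=300),
    "server utilization": Criterion(threshold_pct=85, interval_s=60),
}
NOW = 10_000  # current time in seconds (constructed)
READINGS = {
    "hard drive usage": (9_900, 91.0),
    "server utilization": (9_000, 40.0),  # last reported 1000 s ago
}

if __name__ == "__main__":
    now_items, backlog = build_plan(WANTED, AVAILABLE)
    print("monitor now:", now_items)
    print("monitor in the future:", backlog)
    for item, problem in evaluate(now_items, CRITERIA, READINGS, NOW):
        print(f"ALERT {item}: {problem}")
```

A reading that looks healthy but is older than its check interval is reported as stale rather than passed, because a silent check gives no assurance about the current state.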
Moving ahead with monitoring of your IT investment will help to streamline and optimize your environment, and provide you with increased return on your investment (ROI). Depending on the assessment, you may find that you can use existing tools, or conversely that you need a special monitoring tool. Either way, by evaluating your environment, deciding what needs to be monitored, and posting sentries, you will be safer and better prepared for whatever may come your way.
“Never neglect details. When everyone's mind is dulled or distracted the leader must be doubly vigilant.” - Colin Powell