The answer is No – Now what was the question?iQuate

The answer is No – Now what was the question?

Piaras MacDonnell - 7:18 am - February 24, 2011

IT Security groups have a vital role to play in protecting the operational integrity of the infrastructure – and, by extension the entire organization. The professionals in these groups play the role of the keepers of the secrets, and they are very good at it.

Some projects have a legitimate requirement to access some of these secrets and automated IT asset discovery is a very good example. iQSonar can identify assets without the need for credentials, but the information returned is, by its nature, superficial. In order to deliver detailed and accurate data, iQSonar needs access to the full list of credentials for all devices to be covered by the scan.

IT Security groups need to be assured that any project needing such credentials, will not compromise overall system security.

Here is my quick guide on how to make it easier for IT Security to say Yes.

Follow the RFC (Request For Change) process
- Most organisations have a process for implementing changes. Learn what it is and follow it to the letter. This is especially true in large organisation or where the support has been outsourced.
Document your requirements
- This should be more than an email. A properly formatted document answering the typical questions you would expect to be asked
- A properly formatted document will reassure IT Security and Change Management that your request has been well thought out
Talk to them
- A quick call can speed things up considerably. It gives the technical team to explore your request. It also gives you a chance to demonstrate your knowledge and experience
Compromise
- You are not likely to get everything you want, exactly as you want it. Focus on the final outcome. Typical compromises might be (for a scanning project) to only scan between certain hours or on a limited number of machines. Maybe it’s just an extra report.
Find a technical sponsor
- Every project has a Business Sponsor but if you can identify a Technical sponsor in the organisation it can be a significant advantage. They will not only be familiar with the process but they will have the contacts to speed things up or push through a change.

Finally, be nice but persistent.

Good Luck

Twitter

iQuate and #VMware will run a workshop on how to Optimize #Oracle licensing in VMware environments at #IBSMA SAM SUMMIT http://t.co/2Xs70YNH 8 hours ago

We are hiring! Sales Manager positions available in San Francisco Bay Area and North East! http://t.co/65SzQMXv #jobs #salesjobs #jobfair 2012/05/16

Join our LinkedIn group Automated IT Discovery to share opinions and experiences with other professionals! http://t.co/Xu5x4yDo #ITAM #SAM 2012/05/15

iQuate - inventory, innovation, insight

THE GLOBAL LEADER IN IT INVENTORY & DISCOVERY

Blog

Blog Archives