Traditional tools for enterprise asset management, application management and performance management are challenged by the cloud. Existing security tools are likewise inadequate in the face of enterprise virtualization and a set of newer technologies:
- Personal Cloud
- SaaS Applications
- IaaS services
- Mobile Devices
- IoT Devices
- APIs and Cloud Services, Web Services
- Mobile Apps
These technologies turn the traditional four-walls model of enterprise security management into "Swiss cheese." In many cases traditional enterprise management tools cannot deal with these new capabilities at all.
As a result, enterprises have adopted new applications to manage some of these technologies in a one-off fashion. Mobile device management (MDM) software is one such tool. For most of the other technologies, organizations rely on best-practice training for employees or depend on the vendor of the technology to provide sufficient management information. These management consoles and information sources are frequently not integrated.
In some cases it may be possible to extend traditional enterprise performance and asset management to cover some of the new technologies, but most companies simply depend on employees to follow best practices, or ignore the shadow IT problem and hope for the best. Some are vigilant in discouraging shadow IT, which probably costs the employees and the enterprise a good deal of productivity, or turns employees who are seeking productivity into rogue employees.
The virtual enterprise needs a new set of management tools designed to manage devices, applications and services in a cloud world and to provide security and management for the "holey" enterprise.
This is the "New Enterprise," and in fact many enterprises today may already be completely virtual. For them, traditional enterprise asset management tools, which focus on hardware, are useless: they have no traditional hardware to manage.
What we need is a new asset management, performance management and operations management capability that covers all of the technologies above as a unified set of tools in our new virtual world.
Since I don't know of any tool that combines all these features, I am going to dream for a bit about what such a tool would entail and what its requirements would be.
First, the tool would have to understand all seven of the technologies listed above. Many of these products share common characteristics that make centralized administration, monitoring and usage tracking sensible. All of the assets mentioned have a set of URLs, logins, keys, security tokens or certificates, and since they are all cloud-style services they all have APIs, with the possible exception of mobile apps.
All of these virtual services are multi-tenant and/or user-specific. Most of them can have many instances in an enterprise, owned by different groups in the company or by different individuals. They all need to be tracked in terms of usage, and when one is compromised or its owner departs it needs to be cleaned or repurposed.
One can imagine an asset store that lets you easily add any asset of the above types. Ideally the tool would automatically discover services where possible, or poll their APIs periodically to update the list of known devices, virtual services and applications in use.
Such tools may have a cost, and those costs should be tracked. When new employees come on board you may need to allocate some of these services and devices to them, and when they leave this has to be backed out. Ideally you should be able to organize assets by numerous tags, such as location, group and type of asset, and aggregate costs, usage, incidents, instances or any other metric that makes sense.
Many assets of this type are related to each other. A number of personal cloud services may be linked to an individual; devices and apps may be linked to an individual as well. Devices may be linked to an office or part of an office. For physical devices it would be good to be able to locate them on a map. For virtual services it would be good to have summaries of the riskiness of the data they contain, the threats that have occurred and downtime incidents. For mobile apps it would be good to see their dependencies on APIs, so that if an API is experiencing a problem we can assume the apps that depend on it are experiencing a problem too.
A good feature would be to track the firmware or app version of each service or instance in use. It should be possible to force an upgrade of devices and applications when needed.
One of the major benefits of such an overarching management application would be to account for all the holes in the organization through which information can flow, and to provide a way to isolate and govern that information separately from employees' personal services, possibly tracking the content or purging it when needed.
The system would also be useful for managing large numbers of IoT devices and their dependencies on each other and on other services. It would be integrated with device management so that upgrades could be applied systematically and vulnerabilities understood.
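As an added example (not code from the original post), here is a small in-memory version of the asset store sketched above, in Python. It models assets with tags and dependency relationships and answers four of the questions raised in the preceding paragraphs: what to back out when a person leaves, what is impacted when an API or infrastructure component has an incident (followed transitively through the dependency graph), cost roll-ups by tag, and which instances run a version below a required minimum. The asset names, owners, versions and costs are constructed sample data.

```python
"""Added example: a minimal asset registry with tags and dependencies.
Not from the original post; all asset data below is constructed."""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Asset:
    id: str
    kind: str                                   # e.g. "api", "saas", "mobile_app", "iot", "iaas"
    tags: dict = field(default_factory=dict)    # owner, group, location, ...
    version: Optional[str] = None               # firmware or app version, if tracked
    monthly_cost: float = 0.0
    depends_on: set = field(default_factory=set)  # ids of assets this one needs to function


class AssetRegistry:
    def __init__(self):
        self.assets = {}                        # id -> Asset
        self._dependents = defaultdict(set)     # reverse edges: id -> ids that depend on it

    def add(self, asset):
        if asset.id in self.assets:
            raise ValueError(f"duplicate asset id {asset.id}")
        self.assets[asset.id] = asset
        for dep in asset.depends_on:
            self._dependents[dep].add(asset.id)

    def by_tag(self, key, value):
        return [a for a in self.assets.values() if a.tags.get(key) == value]

    def offboarding_report(self, person):
        """Everything registered to a departing person, grouped by kind,
        so each credential can be revoked or the instance repurposed."""
        report = defaultdict(list)
        for a in self.by_tag("owner", person):
            report[a.kind].append(a.id)
        return dict(report)

    def impacted_by(self, asset_id):
        """Transitive closure of dependents: if this asset is down, which
        apps and services should be assumed to be degraded as well."""
        seen, stack = set(), [asset_id]
        while stack:
            for dep in self._dependents.get(stack.pop(), ()):
                if dep not in seen:
                    seen.add(dep)
                    stack.append(dep)
        return seen

    def cost_by_tag(self, key):
        totals = defaultdict(float)
        for a in self.assets.values():
            totals[a.tags.get(key, "untagged")] += a.monthly_cost
        return dict(totals)

    def outdated(self, kind, minimum_version):
        """Instances of a kind whose dotted version is below the minimum."""
        def parse(v):
            return tuple(int(x) for x in v.split("."))
        return sorted(a.id for a in self.assets.values()
                      if a.kind == kind and a.version is not None
                      and parse(a.version) < parse(minimum_version))


def build_sample_registry():
    """Constructed sample inventory (hypothetical names and costs)."""
    r = AssetRegistry()
    r.add(Asset("iaas:db-cluster", "iaas", {"group": "platform"}, monthly_cost=900.0))
    r.add(Asset("api:payments", "api", {"group": "finance"}, depends_on={"iaas:db-cluster"}))
    r.add(Asset("api:geo", "api", {"group": "platform"}, monthly_cost=120.0))
    r.add(Asset("app:field-sales", "mobile_app", {"group": "sales", "owner": "alice"},
                version="2.3.1", depends_on={"api:payments", "api:geo"}))
    r.add(Asset("app:expenses", "mobile_app", {"group": "finance", "owner": "bob"},
                version="1.0.0", depends_on={"api:payments"}))
    r.add(Asset("saas:dropbox-alice", "saas", {"owner": "alice", "group": "sales"}, monthly_cost=15.0))
    r.add(Asset("iot:sensor-17", "iot", {"location": "warehouse-2", "group": "ops"}, version="1.4.0"))
    r.add(Asset("iot:sensor-18", "iot", {"location": "warehouse-2", "group": "ops"},
                version="1.2.9", depends_on={"api:geo"}))
    return r


if __name__ == "__main__":
    reg = build_sample_registry()
    print("offboard alice:", reg.offboarding_report("alice"))
    print("db-cluster incident impacts:", sorted(reg.impacted_by("iaas:db-cluster")))
    print("cost by group:", reg.cost_by_tag("group"))
    print("iot below 1.4.0:", reg.outdated("iot", "1.4.0"))
```

The reverse-edge index is what makes the incident question cheap: an outage on `iaas:db-cluster` surfaces `api:payments` and, through it, both mobile apps, without walking every asset. A real store would persist this graph and populate it from the discovery and API polling the text describes rather than from hand-built records.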
It should support the social aspects of these assets, helping employees find assets and understand how to use them.
I believe this kind of asset management platform is essential for the new virtual enterprise. I have been saying for a while that we need a way to operate with the cloud and the inevitable Swiss cheese it makes of enterprise security.
I see these types of tools as critical to enterprise adoption of cloud and IoT.
Here are some user stories for such an application:
| Role | User story |
|---|---|
| Regular Employee | See and search, in a user-friendly way, the available external and internal APIs I may use, as well as mobile apps, web apps, SaaS services or other assets |
| Regular Employee | See and search, in a user-friendly way, the relationships of assets to each other and to groups or other individuals |
| Regular Employee | See all the virtual services and devices I use (or am registered for), and the health and status of each of them |
| Regular Employee | See the usage and cost of the services I use |
| Regular Employee | See other people's comments, ratings, user docs and other information about any asset in the system |
| Regular Employee | Register services I use in the cloud, such as Google Docs or Dropbox, that may hold corporate information, together with the credentials for the service |
| Regular Employee | Register the IoT and mobile devices I use |
| Regular Employee | Request an existing service, app or API for my use |
| Regular Employee | Report that a service is compromised, in need of repair or will no longer be used |
| Regular Employee | Log a message with helpful advice, a complaint, a video, a bug report or any other content usefully associated with an asset or group of assets |
| Regular Employee | See the status of all my comments, tickets or other pending requests |
| Regular Employee | Be notified via email or SMS of incidents related to the assets I use |
| Regular Employee | Open a ticket requesting that a new asset type be included in the store |
| Operations | Do everything a regular employee can do, for all assets or for the assets I am responsible for |
| Operations | See more detailed health and status for all assets I am responsible for |
| Operations | Act on behalf of a regular employee or set of regular employees to request, register or perform any of the regular-employee activities, with the fact that I acted on the employee's behalf logged as well |
| Operations | Use the administrative API to perform tasks related to any asset, including security, performance and upgrading |
| Operations | See the big data generated by an asset and run queries against its logs and big data |
| Operations | Be notified if any asset has a change of status or has something logged against it that may be of interest to me |
| Operations | Revoke instances, create instances of any service, and set limits on the usage of services, devices or any asset |
| Operations | Configure new services or devices: allocate the number of instances, security constraints and policies, fault-tolerance policies, scaling policies, and approval policies for requests for the services or devices |
| Operations | Move an asset to a different lifecycle stage, such as from development to test to staging to production |
| Operations | Configure the lifecycle of services or devices |
| Operations | Create, modify or cancel an incident, and notify everyone involved with an asset about the effect on its availability, its usage criteria and the details of the issue |
| Operations | Set up an SLA for any service or device |
| Developer | Clone or create a new development environment for a service or device |
| Developer | Set up continuous integration, test and deployment scripts |
| Developer | Request that a service, or a version of a service, advance in its lifecycle |
| Developer | See all versions of the service or device I am working on, and information about the health or operation of that service or device |
| Developer | Close a ticket related to services or devices I am responsible for |
| Developer | Examine, to any depth, the logs or other data associated with any service or device |
| Developer | Create or assign relationships between services and devices, and create new groups or tags that link devices or services or show a dependency between them |
| Developer | Create dashboards or analytical tools, themselves services, based on the information and big data associated with services or devices |
| Developer | See more detailed health and status for all assets I am responsible for |
| Management | Have configurable dashboards of operating metrics, costs, usage, incidents or other information useful to management |
| Management | Research the history of the management data related to all assets |
| Management | See statistics and dashboards for a single instance, a class of instances, the responsible group, the responsible person, or any other tag associated with devices and services |
| Management | Establish rules and policies for security |
| Management | Configure new services or devices: allocate the number of instances, security constraints and policies, fault-tolerance policies, scaling policies, and approval policies for requests for the services or devices |
| Overall | The system must support numerous common personal cloud services, and should enable automatic logon and scanning of content and activity to ensure compliance, creation and deletion of accounts, and transfer or copying of data |
| Overall | The system must support numerous common SaaS applications and tie into their administrative and performance APIs to augment the information available in the dashboards |
| Overall | The system must support numerous common internal-only APIs, external APIs we provide or that others provide, different tiers of usage, entitlement limits, and other policies around those APIs such as cost |
| Overall | The system must support numerous common IaaS vendors, monitor usage, and link to their management APIs to manage the IaaS infrastructure |
| Overall | The system must support common PaaS platforms, enable monitoring of virtual containers and instances, and tie those to assets in the store |
| Overall | The system must support numerous common mobile devices and allow MDM of those devices |
| Overall | The system must support numerous common IoT devices and allow MDM of those devices |
| Overall | The system must support numerous common apps that users can download or that come pre-configured for them |
| Overall | The system should allow any amount or type of content to be placed on the wall of an asset, group, tag or class |
| Overall | The system should support security protocols such as OAuth2 and OpenID, or others, so that users rarely need to handle passwords or other security material themselves. Where a service or device does not support such a protocol, the system should be able to hold the critical security information itself and use it to perform operations on behalf of the user |
| Overall | The system should support an unlimited number of instances of devices or services, even hundreds of thousands, and enable efficient management of large numbers of devices and services |
| Overall | The system should support performance monitoring, perform health checks automatically, create geofences for devices, and apply policy-based management to deviations from the norm |
| Overall | The system should support new user profiles with combinations of permissions and asset types not envisioned at this time |
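Two of the stories above are security-sensitive enough to deserve a concrete shape: Operations acting on behalf of an employee with that fact logged, and the system holding a service's credential when the service does not support OAuth2 or OpenID. The following Python is an added example, not code from the original post, of a broker that combines them. Assets that support delegated authorization are invoked with the subject's own bearer token, which the broker never stores; assets that do not are invoked with a broker-held credential that is never returned to the caller. Every invocation, successful or denied, is appended to an audit log in which each record carries an HMAC over itself and the previous record's MAC, so a deleted or edited entry breaks the chain. The asset names, users, tokens and the stand-in adapter call are constructed; a production version would keep the stored credentials in a vault and the audit key in a KMS or HSM rather than in memory.

```python
"""Added example: a credential broker with on-behalf-of authorization and
a tamper-evident audit chain. Not from the original post; all names,
tokens and the adapter are constructed placeholders."""
import hashlib
import hmac
import json
import time


class Denied(Exception):
    pass


class CredentialBroker:
    def __init__(self, audit_key, clock=time.time):
        self._assets = {}        # id -> {"auth": "oauth2"|"stored", "owner": str, "responsible": set}
        self._vault = {}         # id -> stored credential; never returned to callers
        self._audit_key = audit_key
        self._audit = []         # list of {"entry": dict, "mac": hex}
        self._prev_mac = b""
        self._clock = clock

    def register(self, asset_id, auth, owner, responsible=(), stored_credential=None):
        if auth not in ("oauth2", "stored"):
            raise ValueError("auth must be 'oauth2' or 'stored'")
        if auth == "stored" and stored_credential is None:
            raise ValueError("stored-credential assets need a credential")
        self._assets[asset_id] = {"auth": auth, "owner": owner, "responsible": set(responsible)}
        if stored_credential is not None:
            self._vault[asset_id] = stored_credential

    @staticmethod
    def _authorize(actor, subject, asset):
        # Self-service: the registered owner acts on their own asset.
        if actor == subject == asset["owner"]:
            return True
        # Operations: someone responsible for the asset may act as themselves
        # or on behalf of the asset's owner, and nobody else.
        return actor in asset["responsible"] and subject in (actor, asset["owner"])

    def invoke(self, actor, asset_id, operation, on_behalf_of=None, bearer_token=None):
        subject = on_behalf_of or actor
        asset = self._assets.get(asset_id)
        outcome = "denied"
        try:
            if asset is None or not self._authorize(actor, subject, asset):
                raise Denied(f"{actor} may not {operation} {asset_id} as {subject}")
            if asset["auth"] == "oauth2":
                if not bearer_token:
                    raise Denied("oauth2 asset requires the subject's bearer token")
                credential = bearer_token            # delegated; the broker holds nothing
            else:
                credential = self._vault[asset_id]   # broker-held; used here, never returned
            result = self._call_adapter(asset_id, operation, credential)
            outcome = "ok"
            return result
        finally:
            self._record(actor, subject, asset_id, operation, outcome)

    @staticmethod
    def _call_adapter(asset_id, operation, credential):
        # Stand-in for the service's real API. It reports only a fingerprint
        # of the credential it was handed, so the caller can see which one
        # was used without ever seeing the secret.
        fp = hashlib.sha256(credential.encode()).hexdigest()[:8]
        return {"asset": asset_id, "operation": operation, "credential_fp": fp}

    def _record(self, actor, subject, asset_id, operation, outcome):
        entry = {"ts": self._clock(), "actor": actor, "subject": subject,
                 "asset": asset_id, "operation": operation, "outcome": outcome}
        body = json.dumps(entry, sort_keys=True).encode()
        mac = hmac.new(self._audit_key, self._prev_mac + body, hashlib.sha256).digest()
        self._audit.append({"entry": entry, "mac": mac.hex()})
        self._prev_mac = mac

    def audit_log(self):
        return [dict(r["entry"]) for r in self._audit]

    def verify_audit(self):
        """Recompute the MAC chain; any edited, removed or reordered record fails."""
        prev = b""
        for rec in self._audit:
            body = json.dumps(rec["entry"], sort_keys=True).encode()
            mac = hmac.new(self._audit_key, prev + body, hashlib.sha256).digest()
            if not hmac.compare_digest(mac.hex(), rec["mac"]):
                return False
            prev = mac
        return True


def demo():
    """Constructed scenario: one OAuth2 SaaS asset, one device with a stored password."""
    broker = CredentialBroker(audit_key=b"constructed-audit-key", clock=lambda: 0)
    broker.register("saas:crm", "oauth2", owner="alice", responsible={"ops-bob"})
    broker.register("iot:gateway-3", "stored", owner="alice", responsible={"ops-bob"},
                    stored_credential="constructed-device-password")
    results = {}
    results["self"] = broker.invoke("alice", "saas:crm", "list_contacts", bearer_token="alice-token")
    results["obo"] = broker.invoke("ops-bob", "iot:gateway-3", "reboot", on_behalf_of="alice")
    try:
        broker.invoke("mallory", "iot:gateway-3", "reboot", on_behalf_of="alice")
    except Denied:
        results["denied"] = True
    return broker, results


if __name__ == "__main__":
    b, res = demo()
    print(res)
    print(json.dumps(b.audit_log(), indent=1), "chain valid:", b.verify_audit())
```

Note that an operator acting on behalf of an employee against an OAuth2 asset still needs that employee's delegated token; the broker deliberately has nothing of its own to present, which is the point of preferring the protocol over stored secrets wherever the service supports it.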