Trusting systems
Listen to the column Trusting systems, or visit our Podcast Center to hear more by James Gaskin.
Who do you trust? Your spouse? Your boss? Your dog? Your software?
Standard answers: Dog absolutely, spouse probably, boss maybe, but who thinks about trusting software? Smart, high performing companies. A leading vendor in this new space, SignaCert (.com), aims to automate software trust, audit trails, and best practices to enable more companies to reap the benefits of management automation reliability.
Building upon work done in his previous company, Tripwire, Wyatt Starnes started SignaCert to go one step beyond change management (detailed last month) and build "white lists" of authorized and validated enterprise software. Starnes called to explain how the IT business lags behind mature automated industries like telecom, automobile manufacturing, and airlines.
"Airlines don't fly until all the lights are green in the cockpit. We do it all the time in IT," says Starnes. Worse, we don't even have lights on most critical systems.
How much do you trust your SQL databases? Can you verify all changes made to the code? Tripwire helps, but what if you could certify a gold standard installation of an SQL database for your company as a baseline, and automatically verify each patch before applying same?
When you absolutely control software code changes, you increase uptime. For industries such as financial services, one more decimal of uptime means saving millions of dollars per year. Tracking code from a known reliable state through each change, automatically, saves serious money.
Automating software control means working with outside vendors (Microsoft et al) and inhouse developers. After all, doesn't much of the code applied to your servers come from fellow employees?
Those familiar with Bill of Materials component presentation understand the value of seeing every piece of an assembly listed, tracked, and verified separately. It works for automobile transmissions, and it will one day work for your software applications, allowing you to track and verify every component, patch, and modification.
"Platforms aren't required to exchange trust credentials," says Starnes, "just identity credentials. Soon we'll express identity and trust before exchanging information." He calls this a positive measurement model, like a white list of known good addresses for your spam filter.
Pricing starts at about $200 per managed device, and financial services companies make up most of their dozens of customers. The drive to automate trusted software controls is new, but critical to companies eager to institute best practices and increase system reliability.
ITworld.com
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
