Previous | Table of Contents | Next |
To the LAN administrator, the perfect environment, productivity-wise, is one which any LAN administrator anywhere in a large company can go out and buy anything at any time flexibility to buy equipment that is exactly tailored to the core business and that has the maximum effect in the way of enhancing productivity is highly desired in LAN environments. However, if someone calls the help desk, the help desk staff will not really be sure what they have out there, let alone how to troubleshoot it. In many ways, if the users buy an oddball piece of equipment, no matter how productive it makes them, they are on their own as far as supporting that equipment.
LANs have a characteristically high ratio of technologists required to support the environment. Today, sophisticated boxes sit on the desktop that demand a much higher level of maintenance. Because people are such a valuable commodity and so difficult to justify because of downsizing or rightsizing, LAN administration is usually relegated to a firefighting mode, without a lot of emphasis on long-range planning.
Because LAN platforms are relatively new, in comparison to mainframes, there has not been as much time to develop operating and security standards. This is especially irritating to auditors when mission-critical applications move from the traditional mainframe environment onto LANs and the protective safeguards around them do not follow. Something as simple as transporting a tape backup copy of a file between LAN departments can be extremely complicated without standards. What if everyone buys a different type of tape backup unit? Without standards on what type of equipment to use, bulk purchases of equipment become difficult or impossible.
Even though major improvements have been made in network management systems over the past five years, the management systems associated with LANs often lag behind those associated with mainframe computers. Again, this causes the company to pay penalties in the area of maintenance and ease of use.
One answer, of course, is to force users into rigid standards. While this pays a handsome dividend in the area of support, it stifles the users productivity. They need equipment well suited to their core business purpose.
An alternative is to let users install whatever they want. This may increase productivity greatly, though it is doubtful that a company could ever hire and support enough people to maintain this type of configuration. Worse, mission-critical applications could be damaged or lost altogether is users are not expected to take reasonable and prudent safeguards for their protection.
It is the responsibility of both users and technologists to find the middle ground between the regimented mainframe environment and the seat-of-the-pants LAN environment. Through careful preplanning, it is possible to configure a set of standards that offers the advantage of greater productivity that is afforded by LANs, but also the advantages learned through 20 years of mainframe operations in the areas of support, bulk purchases, and network management.
The remainder of this chapter concentrates on exactly what constitutes reasonable operating and security procedures for both LANs and telecommunications.
One method is through the formation of a communications and LAN operating and security standards committee. An ideal size for a standards committee would be 10 to 12 people, with representatives from sales, marketing, engineering, support, technical services, including LANs, IS and telecommunications, and other departments. It is important to broaden this committee to include not only technologists, but also people engaged in the core business, since enhancement of productivity would be a key concern.
The actual standards document that this committee produces must deal with issues for both the operation and protection of a companys automated platforms (the Appendix provides a working table of contents from which to begin to write a document). Subjects include:
Before all of this, however, the committee is expected to define and understand what a mission-critical application is. Because standards are designed to cover both operational and security issues, the business processes themselves must be defined, in order to avoid imposing a heavy burden with regard to security on users who are not engaged in mission-critical applications, or by not imposing a high enough level of security on users who are.
Previous | Table of Contents | Next |