Configuration and Compliance Management

CHALLENGE

Organizations generally take risk management seriously, but there's often a gap in understanding the link between IT risks and enterprise risk management, and of how IT risks can undermine business operations. Many still remain siloed or haven't implemented processes and activities to measure the whole infrastructure and its configuration state.

TECHNOLOGY SOLUTION

EMC Configuration Compliance Solution enables businesses to ensure compliance and transparency between IT and security organizations by providing out-of-the-box integration between RSA Archer and EMC/VMware for configuration compliance automation. The infrastructure management technologies included in the solution are:

• Server Configuration: VMware vCenter Configuration Manager
• Storage Configuration: Storage Configuration Advisor
• Network Configuration: Network Configuration Manager

The solution is designed to integrate broader IT GRC—including configuration and patch management of virtual and physical environments—into a security and risk management approach, benefiting both IT and security.

TECHNICAL ARCHITECTURE

The process as follows:

1. The infrastructure management technologies on the left side will collect and evaluate vulnerabilities, violations or breaches of server, storage, and network configurations.
2. Each scan will output assessment results as reports.
3. RSA Archer’s Data Feed Manager will pull the results automatically either through database access or flat file method.
4. The information will be stored in appropriate GRC framework within RSA Archer.
5. Users will have flexibility to map configurations and compliance states to defined IT controls and policies.

RESULTS

Visibility: Report cross-domain and map into GRC framework.
Efficiency: Reduce time spent planning and auditing.
Accuracy: Remediate violations and validate compliance.