This article can also be found in the Premium Editorial Download "Information Security magazine: Is your data safe from next-generation attackers?."
Download it now to read this article plus other related content.
Which Is Best?
Both the manual and automated approaches can do the job well, but they clearly have limitations. In a large enterprise, automated policy management tools can be a tremendous help. But for smaller organizations, they may not be worth the cost.
Another possible problem with automated tools is that, instead of making customized policies for the enterprise, users can modify the company to fit the policies. Right now, many automated products are limited in scope by only taking a slice of the pie--either the network- or host-based approach. To truly be effective, a policy management solution needs both. Symantec is moving in that direction, with plans to add a network-based component.
Policy development and policy management are a complex series of daily tasks, but companies must face the challenge. As our IT infrastructure becomes more complicated and threats continue to grow, we will increase our reliance on manual and automated tools to enforce policies and report on compliance. As policy management products continue to mature, we will see automated tools that are better equipped to deal with the problem holistically, and hopefully prices will drop to where businesses of any size can afford to implement them.
To be sure, effective policy management will only become even more critical in the future.
This was first published in June 2006