Set data center security standards to harmonize IT, business goals
Contending with firecall ID and group ID
- Allow application and systems programmers to monitor production. Despite all the recent developments in automation and "autonomic" systems, computers still need active monitoring to reach extreme availability levels. Done correctly, read access should not pose any danger to availability.
- When comparing the three options, alternate IDs could be the best option. Alternate IDs can be logged -- just like group and firecall logons -- and they preserve some audit trails that are built into the system. Alternate IDs also allow support personnel to act quickly, when needed.
- If a shop wants to use firecall or group IDs, they should build a process that hits the sweet spot between effective controls and speedy access. In addition, the software that controls firecall IDs should have the highest availability goals in the enterprise.
- A department may want to designate a few dependable people with full powers in production to serve as the cavalry when things go badly. While this effectively short-circuits all the other attempts at control, it does provide for quicker problem resolution if something should happen.