Minutes of The JDCMG Meeting

May 17, 2007 UC Davis, Medical Center

Please note that the majority of this meeting was devoted to vendor presentations of security products and services. The vendors that presented were IBM, Microsoft, Oracle and Sun.

Web link to Vendor Security Presentations

Attending:

UCB, UCD, UCDMC, UCI, UCOP, UCR, UCSB, UCSF

Misc Topics / Roundtable News

Paul – ITLC – Q: is / should there be a UC-wide strategy on Data Center builds? Monitor Group $8M study in process to assess and recommend implementations of Basic Administrative Systems.

Dave Z. - UCD – HVAC increases Liebert XDR and Central CRAC units proving 90T, campus paying for updates, not DC.

Tony – UCDMC – looking at charging for x86 system hosting due to growth in demand.

Disaster Recovery Updates

UCOP/UCSD – working pretty well, 6-7 tests so far, refining process, quashing problems as they appear. 1st AYSO test had 21 of 22 apps OK. Goal is for SD staff to be able to bring up w/o IR&C staff present. Looking at setting up a shared People Locator service.

UCI – running backup DNS at UCOP.

UCD/UCDMC – MC will run some critical services for UCD in the event of a disaster over fiber from UCD to UCDMC.

Vendor Presentations – IBM, Microsoft, Sun, Oracle

Presentations are on the JDCMG site. Selected comments ...

Sun – Solaris 8-10 has the Basic Security Module, which passes EAL4 / CAPP rating. It exists for the Federal Gov and can provide fine-grained auditing, but is not enabled by default. Sun's VAAU and RBACX can provide user entitlement certification as part of the Identity Management offering.

Oracle – Data Vault, Audit Vault and “Wallet” provide for separation of duties, fine-grained auditing, analysis and roll-ups. Has “Oracle Insight” internal review service offering to top-tier customers. Provides Transparent Data Encryption to increase security of data in flight. “SSN Vault” provides for secure storage of SSN and dynamic repopulation at report generation time. SSN Vault pilot project at U of Missouri in progress. More info can be found by searching at http://search.oracle.com/

Microsoft – Briefly mentioned that Operations Manager 2007 provides an audit collection service which will collect everything by default; one can later decide what filters to apply to save for archive. Secure Vantage Technologies, a MS VAR, presented their Compliance Security Suite. This is a compliance library which can evaluate an infrastructure and events against HIPAA, ISO1779 and other frameworks. Jeremiah Becket, CEO and Chief Architect, presented.

IBM – Kevin Munoz, Phil Lawrence, and Mark Azzolina presented on security methodology background that is vendor independent - “best practices”. Reported that 7.5% of IT spending is now going to security in the US, 8.97% in Europe. 64% intend to increase spending over the next 2 years. The greatest area of increase is in labor costs. IBM offers Console Insight – a log consolidation, “who, what, where, when, how” product. Provides “snap-ins” for checks against regulatory requirements – HIPAA, SOX, etc. IBM Global Services is able to provide all aspects of a security implementation – from initial audit to product specification to implementation and ongoing monitoring.

Auditors, SAS 112

Paul reported on the UCOP audit, and the changing face / focus of audit under the SAS 112 requirements. Major areas noted were developers being able to promote into production and no official log of customer approval to move into production.

[ KGG found this link with more info - http://controller.berkeley.edu/SAS112/index.htm ]

 

 
 
Copyright © 2007 The Regents of the University of California, All Rights Reserved. UC Joint Data Center Management Group (JDCMG)
Updated: January 26, 2010