The missing ingredient

by Bryan Wargo

I was at a presentation yesterday hosted by Getronics on the merits of their wireless security and implementation methodology, code-named WISDOM. The basic gist of WISDOM is to use existing management process frameworks like X.805 and ITIL and marry them with the latest and greatest wireless and security technology (editor's note: this is a huge simplification). This breaks down into looking at the network as a three-dimensional landscape. On one axis you have the 3 security planes: management plane (configuration), control plane (QoS, VoIP, etc.) and end-user plane. On another axis you have the 3 security layers: Application, Services (FTP, HTTP, etc.), and Infrastructure. The third axis holds the 8 security dimensions: access control, authentication, non-repudiation, data confidentiality, communication security, data integrity, availability, and privacy. Getronics wraps the three legs of their practice around this model: security, process & procedure, and technology.

What really struck me about this is that most WLAN technology vendors build the security and technology aspects into their products but almost always forget the process & procedure. Let me give you an example. Almost all LAN hardware vendors build some sort of “management” into their products or offer some software tools. Most of the time these tools help an engineer configure the device, change and update firmware, troubleshoot packet-level problems, etc. But these tools almost never take into account the process & procedures an enterprise needs to go through to allow these things to take place in the first place.

For a long time I have wrestled with how to market certain features in our software that revolve around how an IT organization works with the tools it is given. We have experimented with terming our product an “Operations Management” platform versus an element manager. We tried to capture the fact that we only show data about the network to those people who are authorized to see it. As an example, someone from the help desk who logs into our product cannot see configuration data, whereas an admin who signs in can see and edit configuration data. We even went a step further and began to segment access so that an admin from one department can log in and see/edit data in his department only, rather than the entire network. We also do things like integrate with syslog, send traps to other NMS systems, have an XML interface, and log all activity within the system. These features have almost nothing to do with WLAN management but are absolutely critical for an enterprise because they support its policies & procedures.
