The Effective Way To Enforce A Logging Policy


The effective way to enforce a logging policy involves strategies and practices to ensure that logs are monitored adequately. These strategies include defining the access and notification policy, communicating the logging policy enterprise-wide, and assigning a policy marshal. We have also come up with some recommendations for the successful enforcement of this policy.

One of the ways to avoid the downfall of a business at the foundational level is to have an enterprise-wide policy for centralized log monitoring. Having the policy is not enough, though: enforcing a logging policy is as important as the policy itself.

Whether you run a small or large enterprise, enforcing a logging policy will give your enterprise the dependability, consistency, and framework needed to avoid service downtime and reduce mean time to recovery (MTTR). You'd be saving the cost of downtime and building trust with your customers. In addition, it's certainly a good return on investment.

Once the policy has been formulated and is ready for implementation, the next step is to enforce it with a holistic approach across the different departments in the organization. From our hands-on practical experience with managing logs, we have come up with our own way of enforcing a logging policy.

Defining Access and Notification Policy

Once log levels and storage constraints are defined, the next phase is to limit access and set the notification policy. Two important rules when implementing a logging policy: keep everything simple, and the less, the better. So long as you're interested in consistently meeting PCI compliance and other security compliance for IT governance, you need to have a properly defined access and notification policy.

Our operational and security needs define what type of log data we want to send out. We don't want those on on-call duty to be bombarded with irrelevant notifications. A defined access and notification policy should detail who gets notified, the messages' severity, and how the notification happens. Too much information can cause tumult.

Communicating A Logging Policy Enterprise-Wide

Humans are among the most complicated creatures to please. There is always going to be someone who is resistant to change. However, getting employees to understand the logging policy is an integral piece of the jigsaw puzzle that makes it effective.

The logging policy should be communicated in a fun, simple, and easy-to-understand manner. The best way to spread awareness is by creating a series of messages to encourage employees to learn about the policy.

It can take the form of a published article on the DevSecOps intranet, an announcement by the department head, or an enterprise-wide campaign. Another idea is to introduce tokens of recognition. It sounds a bit cliché, but it works. Many people are motivated by tokens, and offering them as a reward for their knowledge made them align with the policy we established.

Automate As Much As Possible and Assign A Policy Marshal

The quickest way to enforce a logging policy is to automate the process. The policy is built, at the code level, into the code base and tools that ITOps continually use. Whether you are building new apps or updating features, the logging policy must be considered throughout the development process.
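One way to keep the access and notification policy described earlier in the code base, so it can be validated automatically and applied to every event, is sketched below. This is an added example, not code from the original article; the sources, roles, recipients and channels are constructed assumptions.

```python
# Policy-as-data sketch. All names below are constructed for illustration.
LEVELS = {"DEBUG": 10, "INFO": 20, "WARNING": 30, "ERROR": 40, "CRITICAL": 50}
CHANNELS = {"pager", "email", "chat"}
REQUIRED = {"source", "min_level", "notify", "via"}

# Who gets notified, at what severity, and how ("*" matches any source).
NOTIFICATION_POLICY = [
    {"source": "payments", "min_level": "ERROR", "notify": "oncall-payments", "via": "pager"},
    {"source": "payments", "min_level": "WARNING", "notify": "payments-team", "via": "email"},
    {"source": "*", "min_level": "CRITICAL", "notify": "oncall-platform", "via": "pager"},
]

# Which role may read logs from which source.
ACCESS_POLICY = {
    "payments-dev": {"payments"},
    "security-analyst": {"payments", "auth", "web"},
}

def validate_policy(rules):
    """Return a list of problems; an empty list means the policy is well-formed.
    Intended to run in CI so a malformed rule never reaches production."""
    problems = []
    for i, rule in enumerate(rules):
        missing = REQUIRED - rule.keys()
        if missing:
            problems.append(f"rule {i}: missing {sorted(missing)}")
            continue
        if rule["min_level"] not in LEVELS:
            problems.append(f"rule {i}: unknown level {rule['min_level']}")
        if rule["via"] not in CHANNELS:
            problems.append(f"rule {i}: unknown channel {rule['via']}")
    return problems

def route(event, rules=NOTIFICATION_POLICY):
    """Return sorted (recipient, channel) pairs for an event.
    An empty list means nobody is notified, which keeps on-call noise down."""
    targets = set()
    for rule in rules:
        source_ok = rule["source"] in ("*", event["source"])
        severe_enough = LEVELS[event["level"]] >= LEVELS[rule["min_level"]]
        if source_ok and severe_enough:
            targets.add((rule["notify"], rule["via"]))
    return sorted(targets)

def can_read(role, source, access=ACCESS_POLICY):
    """Deny by default: unknown roles and unlisted sources get no access."""
    return source in access.get(role, set())
```
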

Another exciting way is to create and appoint a policy marshal role. They need to be on the lean side of authoritarianism, constantly encouraging teams to align with the logging policy. Their primary responsibility is to get everybody to comply.

Putting It All Together

Enforcing a logging policy is crucial for improving log management, preventing application/service downtime, and minimizing MTTR. One thing is sure: logging requirements will continue to evolve. As the number of network devices increases, logging problems and preferred solutions will continue to grow. Therefore, we must promote an enterprise-wide commitment to a culture that encourages the quick implementation of this policy, as well as adjusting it when new log management changes arise.
