– Michael Fimin, is CEO of Netwrix, says:
Change Auditing
It’s one prediction you know will come true: your environment will change in many ways this year – even this month, this week or today. New requirements and challenges are fueling these changes. From compliance and security to big data, mobility, and BYOD policies, IT is more overwhelmed than ever with the new trends that may impact the stability of the environments they manage. Compounding these challenges are obtrusive threats as well as those threats that may even be from trusted individuals inside the organization, including human errors, which can cost your organization its reputation, trust and money.
So are you prepared for the changes that lie ahead for your organization? What if your organization needed to perform a security audit? Are you ready? IT professionals from the help desk to the CIO have been charged with implementing mechanisms, both native and third party, to address their enterprise IT auditing needs. When implemented successfully they can help satisfy regulatory compliance, improve overall security and promote efficient infrastructure oversight in the face of all these changes and challenges.
Knowing who changed what, when and where throughout your organization can save hours of troubleshooting, satisfy compliance needs, better secure the environment and permit administrators to manage multiple resources. But this can be challenging giving the diversity of the platforms, systems and tools you may employ throughout your enterprise. Furthermore, if you are like most IT organizations, you face ever tightening budgets contradicted by increasing requirements from organizational leaders to assure security and compliance.
To help meet these opposing requirements, consider these four steps to achieve the change auditing that will give you peace of mind:
- Take an inventory and establish preliminary priorities – start with an inventory of systems and hardware that are owned and managed by IT. This should include computers, servers, mobile devices, file storage platforms and network applications such as firewalls, switches and routers. Place a value on the data they store or the role they serve.
- Eliminate waste, consolidate and replace assets – Find opportunities to retire or replace aging equipment and platforms and evaluate the time and cost required to implement replacements or consolidations.
- Categorize remaining resources form most auditable to least – evaluate your systems based on their expected capacity for auditing. Some systems and hardware will more readily facilitate auditing than others. Then, strategically consider shifting at-risk information and resources that will more readily permit auditing.
- Consider an automated auditing solution – Implementing an auditing solution will enable you to achieve an ongoing, long term auditing best practice that can give you peace of mind. When evaluating auditing solutions, look for one that offers Change Alerting (who changed what, when and where?), Detailed Change Review (which can go beyond basic event log data), Configuration Analysis (what are current and past state-in-time configurations?), and Turnkey Reporting (with a robust set of out of the box reports).
Michael Fimin is CEO of Netwrix, the No. 1 provider of change and configuration auditing solutions for optimizing organizational security, governance and compliance. An enterprise IT visionary, he is an accomplished expert in IT change and configuration best practices. Access a complete whitepaper on How to Effectively Audit Your IT Infrastructure at www.netwrix.com.