Posts

Audits- the necessary evil?

Most IT executives recognize the importance of a proper audit, yet audits can be a painful process for both the auditor and the IT organization. Audits give companies opportunities to improve, based on analysis and advice. How big (and complex) should an audit be depends on the risk priorities and thresholds, business objective, differences in the operating environments and the overall audit objectives. The goal of the audit should not be to “make the auditor” happy, but to review and show how well the department meets the needs of the business.
Logging, reporting and monitoring are very important for both daily IT functions as well as audit processes. In an audit: Logging provides a record of events related to IT processes. Monitoring is important when trying to determine state changes and other significant events. Reporting is the creation of reports whether manual (on-demand) or automatic (scheduled). On the surface these activities may look like mundane activities, but in reality they are the most important tools for managerial oversight.
Applications such as the Active Directory Manager, Active Directory Change Notifier and the Active Directory Reporter help IT organizations prepare for audits and implement solid policies that will have long-term, positive effects on the enterprise. For example, the Active Directory Manager and Active Directory Reporter offer an extensive report library, ready to use right out of the box. IT users can customize those reports to satisfy even the most detailed audit requirements.
These applications help IT managers with their audits and provide the tools needed to successfully complete the process.

Identity and access management policies

In many cases, adding personnel accounts and application is tedious, and involves inputting information about a new hire by hand, which could take days in some instances. Even then, some users may not have access to the applications they need, and often will have to log in using a colleague’s name and password while access was requested, cleared and granted. This is a huge security black hole for the enterprise. Implementing identity and access management software is a security process improvement that is essential in today’s corporate environment.
Identity and access management can also play a role in compliance issues. Using the native tools, all the audits involve the manual process of finding out who had access to what? Who authorized that access? When was it authorized? When was the last time they reset their password? Using an identity and access management application like the Active Directory Manager or the Active Directory Reporter will vastly improve and automate your audit process.
You may think a departed employee is gone forever, but if your organization doesn’t have a comprehensive identity and access management plan, you may be in trouble. Disabling user accounts during the employee termination process is a gaping flaw in most companies. Weeks, months and even years after an employee has left you can still see their names and personal information floating around. Compounding this security breach is the fact that in some cases, former employees’ accounts are still active. This access crisis can also happen when an employee changes jobs within the same company, but retains access to applications and information that isn’t appropriate for their new job anymore. If an identity and access management policy is too lax, it can create data loss and security breaches, and if the policy is too strict, employees who need access will simply find a way around it and defy the set policy.
If you’d like to talk more about the identity and access management policies in place at your company, please contact us directly.

Password Management with CionSystems' Active Directory Manager

For IT organizations, resetting passwords is routine work- everytime someone has an expired, forgotten or compromised password. The necessary evil, because it’s a tedious, time-consuming process that cuts into worker productivity and costs companies millions of dollars per year.
In the enterprise environment, password resets are the second most common reason workers call help desks. A centralized way of managing the passwords and password policies across your domains will save time and help resolve these trouble tickets efficiently.
The Active Directory Manager password management features are aimed at reducing the problem in managing a single / multiple user passwords and policies from a central point in your domain.
This video shows the Password Management feature in the Active Directory Manager.