A company with a complex IT structure needs to conduct comprehensive IT audits at least once a year. These help to insure that it isn’t mismanaging resources, exposing itself to legal risks, or leaving itself vulnerable to attacks over the Internet.
If an audit doesn’t reveal any bad news, you’ve done your job well and you’re fine. If it reveals problems, you have to take action to correct them. Let’s consider some of the issues that might turn up.
Resource management issues can include accounts that no longer belong to anyone, orphan directories and files, and unauthorized software. These may constitute just a waste of space, but they might provide a way for people to engage in activities without appropriate authorization and accountability. Accounts belonging to people no longer associated with the business should be deactivated, and their associated files should be archived.
Legal issues can arise when the audit turns up unlicensed software, or more copies of an application than the license allows. It’s especially important to remove illegitimate copies after an audit discloses their presence, in order to avoid a call from the vendor’s lawyer.
Security issues can be the most important of all, and the most difficult to evaluate. The description of a security problem may be highly technical and difficult to understand. What the auditor considers a significant security problem may not be important in the context of your environment, or one that the auditor overlooks may be critical. Be sure to get an explanation of why each reported problem is important and how you can correct the deficiency.
Audits are always unpleasant, but they can avoid consequences which are even worse. Take them seriously and follow up with any necessary action. Contact us to learn about our comprehensive IT auditing services.