You’ve been through it more than once by now: the yearly, time-consuming scramble to get all your IT systems into orderly compliance with the internal control requirements of Sarbanes-Oxley, or SOX. Access and identity management issues arise because your company uses not only Microsoft platforms but also Unix, Linux, and Mac to achieve a best-of-breed IT infrastructure. You struggle to demonstrate internal controls in an environment where individuals can have multiple user names and passwords, and where user identities reside in more than one directory. Every time a user joins or leaves your company, you have to update each of these identity management systems separately — a time-consuming process that can leave security holes.

The complexity of these identity management systems and their lack of central management increase the likelihood that something will go wrong. A user account with access to protected data, for example, might not get deprovisioned from one of the systems when the user leaves the company — which increases exposure to risk and might result in noncompliance. In addition, the authorization mechanisms for your Unix, Linux, Mac, and Windows systems are completely separate, and your solutions for LDAP authentication seem to raise new questions all the time.

Even after you’ve made it through the compliance gauntlet — audits, deficiencies, remediation, workarounds — there is little satisfaction. The day after compliance is achieved is the day that non-compliance begins to creep back in — and soon thereafter the compliance scramble begins all over again.