The scary truth about compliance audits…

I recently read an article on computing.co.uk written by research and analysis firm Quocirca stating that less than “20% of organisations fully automate the gathering of data for audits”. Does this surprise me? Not one bit! A majority of organisations we talk to are still taking a “fire fighting” approach to auditing often using native tools. This study also goes on to state that 70% of those surveyed admitted that often changes were made immediately prior to audits in order to meet the audit requirements, which then lapse following the audit. So ultimately what this tells us is a majority of organisations aren’t taking auditing seriously enough and are only compliant at certain points in time and rarely really know what’s going on within their Infrastructures. The question then begs, given the implications of a failed compliance audit, a security breach, data theft or just a system configuration change made in error why are organisations taking such risks?

In my experience it’s often down 3 misconceptions about auditing solutions. The first being complexity – often when you say the word “audit” organisations immediately associate this with “complexity”. The second being time – there’s a perception that the deployment and management of such a solution will take up precious time of the IT department and then finally and importantly is cost. While a majority of organisations would love to understand their infrastructures better often they are restricted by budgets for such solutions. Organisations with some or all of these concerns need to look at NetWrix. While these perceptions are founded when looking at auditing using some of our competitors solutions the NetWrix approach to auditing is genuinely simple to deploy and manage, within reach of even the tightest budgets even often resulting in significant ROI, and is designed to be completely lightweight.