High Risk(y) Business: Controlling the Threat of High Risk Shares
Try this: go to your favorite search engine, and type in “high risk share.” Chances are, you’ll get the same thing I did: pages and pages of financial information dealing with risky shares as they pertain to stocks. The definition and even identification of a high risk stock is fairly straightforward (at least in theory). In the IT space, though, high risk shares are much broader in term, and can be difficult to identify (which, in turn, makes them difficult to govern). Unlike a stock market,…
Controlling SharePoint Sites
SharePoint is growing more and more prevalent in organizations, and offers a great way for users to interact and share content remotely for collaboration on projects. With the increasing use of SharePoint, however, SharePoint admins are facing the same issues that plagued (and, in many cases, continue to plague) administrators of the distributed file system. Increasingly, sites are growing stale, violating ethical wall regulations, and being deemed “high risk” in terms of access and permissio…
The Exchange Mailbox Mess
Permissions get messy over time. Whether it’s in Exchange, SharePoint, the File System, Active Directory, or elsewhere, people will enter and leave the organization, change roles, and require different levels of access as time goes on. Exchange mailbox permissions offer a particular challenge because of multiple layers of access: permissions associated to mailboxes, delegate rights assigned, and even mailbox rights in Active Directory on the user’s account.
Multiple problems can result: Defa…
Back to Basics for Security: Why Industry Compliance Regulations Matter, and Why They’re Hard
We talk about governance and compliance a whole lot on this blog, and for good reason. Across the board, IT security is a difficult undertaking, and it’s becoming more challenging by the day. For one thing, security threats from outside of the organization have only increased in the last few years, with hackers becoming more sophisticated. From the glamorization of hacking in popular culture (see Girl With A Dragon Tattoo hacker heroine Lisbeth Salander) to ‘hacking kits’ available online (se…
The SharePoint Governance Challenge
Microsoft SharePoint has become a leading solution for enterprise collaboration and document management. SharePoint supports a decentralized approach to administration, allowing organizations to assign Site Collection Administrators and Site Owners responsibilities for managing subsets of SharePoint content. While this delegation of responsibility may streamline the collaborative process in ways, it comes at a cost. Without proper governance plans in place within your SharePoint environment, …
WikiLeaks and Data Governance
WikiLeaks has spotlighted the susceptibility of public and private sector entities to fall victim to disclosures of confidential information. The fact of the matter is, if WikiLeaks gets shut down tomorrow, there are thousands of others like them.
The only way to address risks of this nature is to understand and lock down the permissions on the file system and other shared data repositories within companies and agencies. However, a typical file system at a Fortune 100 financial institution c…
Key Business Problems for Systems & Data Administration
We wanted to take a minute and discuss some of the key business problems that Systems and Data Administrators face on a daily basis. Hopefully, bringing them to light will help you to examine what’s going on in your organization’s environment, and will help you to preempt some potentially costly situations.
There are three main areas that, in the places that they intersect, form the basis for data with real Business Value:
When you look at your environment, the areas of biggest concern can …
Active Directory Maintenance & Clean-up
If you’re an Active Directory administrator dealing with Maintenance and Cleanup of your systems, you know what a daunting task it can be. To help, we’ve come up with a list of Best Practices / Tips that every admin should know:
Users – User objects are often tied directly to different application andservice licensing agreements. Many organization get around this issue by negotiating to an official employee count. Beyond licensing, user objects left in AD create overhead for the directory ba…
PCI Compliance
Why was PCI DSS developed?
Privacy and security breaches involving credit card transactions pose a clear danger to credit card companies and financial institutions. The PCI DSS standard was developed at the urging of large credit card companies to help organizations that process credit card payments to prevent privacy and security breaches through hacking and other means. The standard became mandatory for all companies that process credit card payments in 2008.
Companies that are not PCI com…
The StealthAUDIT Management Platform for Systems and Data Governance
Every day Administrators are constantly asked to answer seemingly simple questions like Who? What? When? Where? and even How? users have access to systems and data within the infrastructure. STEALTHbits Technologies, Inc. takes a unified view on the IT world to bridge the gaps between Active Directory domains, systems, key applications, and shared data repositories to provide a single, comprehensive approach to assessing and securing the environment.
The StealthAUDIT Management Platform is d…
