By automating event detection and notification, you can quickly involve key stakeholders and expedite your ability to assess the risk associated with the unauthorized change. Seek to implement a solution that not only provides automated notification, but can also automate the rollback of an unauthorized event if stakeholders deem it necessary. Furthermore, compliance and security teams need the ability to perform forensics to determine the root cause of the incident, so all activity must be captured in audit logs that are securely stored and can be easily accessed.
* Reduce workload while improving adherence to process. To efficiently meet the demands of the business, IT organizations should look for solutions that can automate and standardize some of the most common, routine, and burdensome administrative activities. While many solutions provide automation specific to a common task, you should seek a flexible tool that can tackle multiple common processes such as user provisioning and de-provisioning, compliance reporting, security checks and ongoing routine maintenance (which includes stale account clean-up). This ultimately reduces workload and improves process adherence across the IT organization.
* Simplify auditing and reporting. Most IT solutions provide native auditing, and Active Directory is no exception. However, that native auditing is impossible to read and even more challenging to understand. To improve security and demonstrate compliance, all tools you employ should provide detailed and easy-to-understand auditing and reporting.
Make sure you can capture and present information in a way that is easy for a human to read and that shows who performed an activity, what the activity was (including before and after values of a change), when the activity was performed and where the action took place. With this level of detail, it is much easier to perform forensics and generate meaningful reports that demonstrate compliance. Without this information, your IT staff could be forced to dig through hundreds of thousands of audit logs when performing forensics after a security event, as activities are typically logged continuously, creating massive volumes of data to dig through. Looking for a specific event in that volume of data is like searching for a needle in a haystack.
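To illustrate the who/what/when/where record described above, here is an added example (not from the original text or from any product): native Active Directory change auditing writes Security event 5136, and a replaced attribute value typically appears as a "Value Deleted" event and a "Value Added" event that share an OpCorrelationID. The Python code below merges such events into one readable change record with before and after values; the accounts, DNs, host name and correlation IDs in the sample are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
OPS = {"%%14674": "after", "%%14675": "before"}  # Value Added / Value Deleted

# Constructed sample data (not a real log): one 5136 event per row.
TEMPLATE = (
    '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
    '<System><EventID>5136</EventID><TimeCreated SystemTime="{when}"/>'
    '<Computer>dc01.example.test</Computer></System><EventData>'
    '<Data Name="OpCorrelationID">{op_id}</Data>'
    '<Data Name="SubjectUserName">jsmith</Data>'
    '<Data Name="SubjectDomainName">EXAMPLE</Data>'
    '<Data Name="ObjectDN">{dn}</Data>'
    '<Data Name="AttributeLDAPDisplayName">{attr}</Data>'
    '<Data Name="AttributeValue">{value}</Data>'
    '<Data Name="OperationType">{op}</Data></EventData></Event>')
USER = "CN=Alice,OU=Staff,DC=example,DC=test"
GROUP = "CN=Helpdesk,OU=Groups,DC=example,DC=test"
ROWS = [  # (time, correlation id, object, attribute, value, operation)
    ("2024-01-15T09:30:00Z", "{op-1}", USER, "description", "Contractor", "%%14675"),
    ("2024-01-15T09:30:00Z", "{op-1}", USER, "description", "Employee", "%%14674"),
    ("2024-01-15T09:31:12Z", "{op-2}", GROUP, "member", USER, "%%14674"),
]
SAMPLE = "<Events>" + "".join(
    TEMPLATE.format(when=w, op_id=i, dn=o, attr=a, value=v, op=p)
    for w, i, o, a, v, p in ROWS) + "</Events>"

def summarize(xml_text):
    """Merge 5136 events that share an operation, object and attribute."""
    changes = {}
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "5136":
            continue
        d = {x.get("Name"): x.text or "" for x in ev.iterfind("e:EventData/e:Data", NS)}
        slot = OPS.get(d.get("OperationType"))
        if slot is None:  # unknown operation type: skip rather than guess
            continue
        key = (d["OpCorrelationID"], d["ObjectDN"], d["AttributeLDAPDisplayName"])
        rec = changes.setdefault(key, {
            "who": d["SubjectDomainName"] + "\\" + d["SubjectUserName"],
            "what": d["AttributeLDAPDisplayName"] + " on " + d["ObjectDN"],
            "when": ev.find("e:System/e:TimeCreated", NS).get("SystemTime"),
            "where": ev.findtext("e:System/e:Computer", namespaces=NS),
            "before": [], "after": []})
        rec[slot].append(d["AttributeValue"])
    return list(changes.values())

if __name__ == "__main__":
    for change in summarize(SAMPLE):
        print(change)
```

A record with an empty "before" list, such as the group membership addition in the sample, is a pure addition rather than a replacement.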
While Active Directory plays an integral role in enterprise IT, most infrastructures comprise multiple flavors of UNIX, Linux, Mac, VMware ESX and other systems and applications. These various platforms present similar challenges with respect to control, change detection, administrative burden and compliance. Consider leveraging the controls you instituted in Active Directory to control and secure your heterogeneous computing environment.