We are all aware of the need for IT compliance: organizations that process sensitive and confidential information must follow a set of rules, standards, and processes that protect customer and user information. In practice this means that certain software, such as anti-virus and data monitoring agents, must be present and in a healthy state on every end-point.
How should you maintain compliance in your IT infrastructure?
- Make sure your anti-virus has the correct version, up-to-date definitions and scan frequency, a recent last scan, and that the firewall is enabled
- Your data is encrypted using the correct encryption method
- Make sure common software like Java, Reader and Flash is at the proper version to minimize security loopholes
- Your machines have the latest patches
Organizations make a constant effort to verify end-point compliance via L1 support teams. However, the constant compliance drills can become overwhelming, especially in organizations where the sheer quantity of system controls can feel beyond a team's reach. As a result, organisations need an IT compliance automation solution that reduces the L1 support load and deals with compliance issues remotely.
How is compliance actually maintained in organisations?
- They extract a list of non-compliant machines using existing tools like SCCM and the anti-virus software
- They try to make those machines compliant using SCCM
- The remaining machines are fixed manually
- Typically this cycle takes anywhere between 1-2 weeks, with no real-time mechanism to see how effective it was
- Because of the time lag there are many false positives, resulting in wasted effort
Case Study – IT Compliance Automation
A consulting major, in spite of having the best traditional PCLM tools like SCCM, was facing regular compliance issues which resulted in a large number of tickets being generated. If a machine had turned into a state of non-compliance, the user id of the employee was disabled temporarily. As a result, an L1 support engineer had to manually locate the machine and resolve the issue. However, in some cases where the machine was unreachable, for example if an employee was working from home, the issue remained unresolved until he/she physically went to the office. So they asked for a solution that could automatically detect and remediate compliance issues effectively, on premise as well as remotely, and reduce the need for human involvement.
The Effective Solution
The goal for Anakage was to come up with a solution that could replicate the tasks an L1 engineer would perform if a machine was reported as non-compliant. It should also report the initial and final states of the machine, on each checked parameter, before and after running the solution.
The first hurdle in implementing the solution, from an infrastructure point of view, was how to distribute it to the non-compliant endpoints. This was resolved by the existing SCCM connectivity, which was used to send the solution to machines and to run it with the appropriate privileges.
One of the compliance checkpoints was the presence and healthy state of Symantec Endpoint Protection. For an end-point to be considered healthy on this checkpoint it had to pass a number of checks: the correct version of Symantec installed, the Symantec service running and set to start automatically, up-to-date virus definitions, regular scans being performed, and so on. The solution executable therefore first checks the initial state (for instance the installed version, service states, and custom rules according to company policies) and sends a report to the web portal. If this initial detection finds the machine unhealthy on some parameter, it acts accordingly. If a fresh installation of a piece of software is required, it automatically downloads a copy of the software at the correct version, which can also be specific to a region, and installs it. After taking all the necessary actions, it checks the health on all the parameters again and reports to the web portal. Once the solution executable has finished its work, it removes itself and the other extracted files from the end-point.
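The check, remediate and re-check cycle described above, as an added example that is not Anakage's or Symantec's code: a PowerShell 5+ script that gathers the service state, product version and definition age, reports the initial state to a portal, applies the service-level fixes, and reports the final state. The service name, file paths, policy thresholds and portal URL are assumed placeholders.

```powershell
# Added example (not Anakage's or Symantec's code), PowerShell 5+. All paths,
# names and thresholds below are assumed placeholders for your own policy values.
param(
    [string]$ServiceName   = 'SepMasterService',               # assumed service name
    [string]$ProductExe    = 'C:\Program Files\AV\av.exe',     # assumed product binary
    [string]$DefinitionDir = 'C:\ProgramData\AV\Definitions',  # assumed definition folder
    [version]$MinVersion   = '14.0.0.0',                       # assumed policy minimum
    [int]$MaxDefAgeDays    = 3,                                # assumed policy threshold
    [string]$ReportUrl     = 'https://portal.example.invalid/api/health'   # placeholder
)
function Get-AvHealth {
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    # -as [version] yields $null instead of throwing on an unparseable version string
    $ver = if (Test-Path $ProductExe) { (Get-Item $ProductExe).VersionInfo.FileVersion -as [version] }
    $newest = if (Test-Path $DefinitionDir) {
        Get-ChildItem $DefinitionDir -Recurse -File | Sort-Object LastWriteTime -Descending | Select-Object -First 1
    }
    $defAge = if ($newest) { ((Get-Date) - $newest.LastWriteTime).Days }
    $h = [ordered]@{
        Host              = $env:COMPUTERNAME
        ServicePresent    = [bool]$svc
        ServiceRunning    = [bool]($svc -and $svc.Status -eq 'Running')
        ServiceAutomatic  = [bool]($svc -and $svc.StartType -eq 'Automatic')
        VersionOk         = [bool]($ver -and $ver -ge $MinVersion)
        DefinitionAgeDays = $defAge
        DefinitionsOk     = [bool](($null -ne $defAge) -and ($defAge -le $MaxDefAgeDays))
    }
    # every individual check must pass for this checkpoint to count as healthy
    $h.Compliant = $h.ServiceRunning -and $h.ServiceAutomatic -and $h.VersionOk -and $h.DefinitionsOk
    return [pscustomobject]$h
}
function Repair-AvHealth {
    param($Health)
    # only service-level fixes here; a missing or outdated product needs the reinstall step
    if (-not $Health.ServicePresent)   { return }
    if (-not $Health.ServiceAutomatic) { Set-Service -Name $ServiceName -StartupType Automatic }
    if (-not $Health.ServiceRunning)   { Start-Service -Name $ServiceName }
}
function Send-Report {
    param([string]$Phase, $Health)
    $body = $Health | Add-Member -NotePropertyName Phase -NotePropertyValue $Phase -PassThru | ConvertTo-Json
    Invoke-RestMethod -Uri $ReportUrl -Method Post -ContentType 'application/json' -Body $body
}
$before = Get-AvHealth
Send-Report -Phase 'initial' -Health $before          # state before any action is taken
if (-not $before.Compliant) {
    Repair-AvHealth -Health $before
    Send-Report -Phase 'final' -Health (Get-AvHealth)  # re-check on the end-point itself
}
```

Because the final state is re-evaluated on the end-point rather than read from a days-old inventory, a machine that was already fixed is reported as compliant immediately, which is what removes the false positives the text describes.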
Today, having such a solution in place gives management a detailed status of machine health, with real-time reporting on the web portal, and fixes the machine where required without any need for human intervention. The most valuable discovery was that false positives were taking up most of the manual effort of the L1 engineers; the team no longer needs to spend time on such cases. The remaining cases are fixed automatically, and whatever cannot be fixed is dispatched to the L1 team to resolve manually. This has led to a drastic decrease in the number of compliance-related tickets and escalations.