Technology auditing is a tried and real activity. Growing demands for technological advancements along with the increasing number of applications have changed the infrastructure components and management efforts. Managing the technological landscape and auditing them for compliance has become an uphill task. A company in most cases has the choice between manually auditing infrastructure servers, end-user computers and purchasing automated audit compliance solutions to reduce the time. The decision to deploy automation tools can be influenced by many factors, some specific to the company and others related to the specific IT function within the company. The primary purpose is to help and ease out the IT and business by reducing the downtime through faster automation techniques, reduced admin efforts and thereby cost savings through the efficient use of available resources. 

Our client has over 2,000 global customers encompassing a wide range of industries including software, healthcare, retail, media and entertainment, financial services and technology. They protect nearly four trillion files and applications and apply more than eight million security patches each year. They own and operate six strategically located data centers under an ITIL-based control environment validated for compliance with HIPAA, PCI DSS and SOC (formerly SAS 70) frameworks.

Tangible benefits achieved

1. 4X reduction in the effort – The entire setup was made possible with a single resource instead of a team
2. Rigorous and accurate – No manual intervention that resulted in zero defects
3.  Rollback compatible – Changes maybe reverted to original condition with one click 
4. Streamlined Compliance Initiatives – The solution delivered an automated, integrated and fully configurable solution

Your client embarked on an initiative to fully comply with all the necessary regulations and compliance tasks. The risk managers struggled to perform compliance work on a continual basis, and periodically assure the effectiveness of internal controls due to the vastness and complexity of the business infrastructure and functions. Furthermore, the company could not accurately report and analyze data, leading to different and inconsistent reports. This lack of visibility hindered the corporate-wide risk and compliance initiatives. On that note, they were in search of an automation mechanism which addressed complex workflows with minimal human intervention. The team adopted design thinking principles to provide a compelling end-to-end solution for automating the above challenges. We offered a consistent and repeatable process for compliance and security.

A single web URL could carry out a robust 3-step process for all 2000 servers for 200-300 control auditing requirements. We then developed a centralized solution for the remediation of every server from a single web URL. The URL functions and performs three actions upon invoking:

  1. Scan the target server for potential fixes
  2. Apply fixes to the determined vulnerabilities
  3. Revert the changes done if required. 

This condition required us to solve a combination of server-side technology (PHP) and set of Shell Scripts (Bash) in compliance with CIS (Center for Internet Security) standards. The solution automated the most complex and manual-heavy task of dependency analysis for each server across integrated landscapes.

The traditional management methods demand extra human bandwidth and amplified maintenance window, which in turn means lower availability at a higher cost. Though automation tools are available in the market, they are focused on specific technological areas and require much coordination between cross-functional teams. One can improve efficiency and mitigate operational risks across your enterprise systems with automation. We are experienced to deliver centralized governance, compliance audits and consistent security practices for infrastructure availability, uptime and stability