IT Decision Maker

Blog archive

Why Is Auditing Such a Pain?

At Microsoft Tech-Ed 2010, I moderated a roundtable discussion on Active Directory auditing, although the discussion sometimes spun off into auditing things like Exchange, SQL Server, SharePoint and the like. One thing we all concluded was that, simply put, auditing sucks.

The computing power to produce detailed audit messages across a wide range of possible events is non-trivial, leading many organizations to decide to forgo auditing certain things just to maintain a certain level of workload capability. How messed up is that? Organizations have spent years of time and millions of dollars building their own auditing systems. Of course, there's a robust third-party market in auditing solutions, all of which take different approaches and all of which claim to be the best. Where's a decision maker to turn?

Based on that Tech-Ed discussion, as well as some recent conversations with clients, I'm trying to wrap my head around some of these issues -- and I'd love your feedback. There's a very quick, five-question survey that you can take to help me see where folks stand on some key differentiators. At the end, there's also an opportunity to provide even more detailed feedback through a phone or e-mail conversation with me. If you can spare 15 minutes for a call, I'd certainly appreciate it, no matter what size organization you work for. I'll summarize the results -- this may be a paper rather than a blog post here, but I'll make sure you get a copy either way.

Posted by Don Jones on 11/08/2011 at 1:14 PM


comments powered by Disqus

Reader Comments:

Wed, Jan 18, 2012 Richard

There is a newly emerging toolset based on Azure as a hosted service for AD audit. Watch this space!

Fri, Dec 9, 2011 Neil Jackson Virginia

There is a general misunderstanding presented in your argument over auditing sucks. For those who perform audits they represent sampling of system activities/executions and validation of their authenticity, authorization, compliance, supporting reason/purpose, scope of use and activities that occur as a result, that impact the company, its financial reporting, controls, etc. In other respects auditing in its continuous form is in many instances a process of QA and r QC, with exceptions being extracted and their disposition being recorded. Auditors will again sample these processes for effectiveness and reliability as to effective controls, alliance to policies, procedures, etc. to determine if a pattern of exceptions reflect a serious, material of critical problem for which management should be criticized / held to account. When someone responsible for a process removes, turns off an audit system, they take on all risks associated with their actions, including being terminated based on the significance of the control / audit system involved. Suggesting an audit system or point of validation interferes with processing efficiency or production scheduling reflects in many cases a disrespect for management and system controls and to an auditor these individuals are problematic to the quality, compliance, security and process effectives, reliability and accuracy and in my opinion need to be removed. Let's talk more. Certainly not all systems warrant such concern or risks to an organization. However to group auditing as something that sucks is relatively ignorant. Since audits really protect individuals from being erroneously charged with policy violations, system errors, accounting errors, etc. Audits do nothing for auditors. Audits when properly performed protect the auditee, those being audited and they should be valued not dismissed as "auditing sucks."

Tue, Dec 6, 2011 Jesse

Hey Don,
You mention a “robust third-party market” in auditing solutions. Can you give me some recommendations as to companies/solutions that I should look into? We just started the evaluation process and so far we’ve looked at quest change auditor, netwrix change reporter suite, and manageengine’s admanager plus. Any other solutions that you can recommend?

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.