Why Is Auditing Such a Pain?
At Microsoft Tech-Ed 2010, I moderated a roundtable discussion on Active Directory auditing, although the discussion sometimes spun off into auditing things like Exchange, SQL Server, SharePoint and the like. One thing we all concluded was that, simply put, auditing sucks.
The computing power to produce detailed audit messages across a wide range of possible events is non-trivial, leading many organizations to decide to forgo auditing certain things just to maintain a certain level of workload capability. How messed up is that? Organizations have spent years of time and millions of dollars building their own auditing systems. Of course, there's a robust third-party market in auditing solutions, all of which take different approaches and all of which claim to be the best. Where's a decision maker to turn?
Based on that Tech-Ed discussion, as well as some recent conversations with clients, I'm trying to wrap my head around some of these issues -- and I'd love your feedback. There's a very quick, five-question survey that you can take to help me see where folks stand on some key differentiators. At the end, there's also an opportunity to provide even more detailed feedback through a phone or e-mail conversation with me. If you can spare 15 minutes for a call, I'd certainly appreciate it, no matter what size organization you work for. I'll summarize the results -- this may be a paper rather than a blog post here, but I'll make sure you get a copy either way.
Posted by Don Jones on 11/08/2011 at 12:39 PM