As an IT manager of a small or medium-sized business (SMB), you may find yourself asking, "How can we affordably and effectively store and archive data to meet regulatory compliance demands?" It sounds like a daunting task, indeed. But who doesn't love a good challenge?
The key to regulatory compliance is the ability to enforce and monitor security policies and processes at any given time, all of the time. And an SMB must plan and maintain an effective security strategy for its business infrastructure from the onset to serve as a solid foundation for regulatory compliance.
Of course, early precautions taken against security breaches and network vulnerabilities are much easier and less costly than late reactions to a direct violation. So staying on top of the security issues relevant to your industry and operating environment, as they change, is key.
Make the most of your current infrastructure
A typical Windows infrastructure that serves as a storehouse and interface to customer or patient information is largely managed through Active Directory. Active Directory allows administrators to assign enterprise-wide policies, deploy programs to many computers at once and apply critical updates for the entire organization.
But Active Directory can also help meet many regulatory compliance demands through its integrated Group Policy assignments, which give you the ability to enforce role-based access management and audit controls across Active Directory files, folders, shares, printers, registry keys and services.
In fact, with the software and features already in place, you can ensure a secure and compliant networking environment by tracking all critical Active Directory, Exchange and File Server changes (preferably in real time) and detailing who accessed which resources, from where, and why. You should also be sure to include both the original and the current values for any relevant change.
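The change tracking described above can be done with the auditing that Windows already provides. The following PowerShell script is an added example, not code from the article or from any product it mentions: it reads Directory Service Change events (ID 5136) from a domain controller's Security log and reports who changed which attribute on which object, pairing the removed (original) and added (current) values. It assumes that the "Directory Service Changes" audit subcategory is enabled and that the objects of interest carry a SACL; the parameter names, the look-back window and the output path are choices made for this example.

```powershell
# Added example (not from the original article): report AD attribute changes from
# Security event 5136 with the original and current value side by side.
# Run elevated on a domain controller (or against one with -ComputerName).
param(
    [string]$ComputerName = $env:COMPUTERNAME,         # assumed: the DC to query
    [int]$Hours = 24,                                  # assumed: look-back window
    [string]$ReportPath = "$env:TEMP\ad-changes.csv"   # assumed: report location
)

# Operation type codes carried in event 5136.
$OpType = @{ '%%14674' = 'Value Added'; '%%14675' = 'Value Deleted' }

$filter = @{
    LogName   = 'Security'
    Id        = 5136
    StartTime = (Get-Date).AddHours(-$Hours)
}
$events = Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # The XML view exposes named fields; the positional Properties[] order is less stable.
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($item in $x.Event.EventData.Data) { $d[$item.Name] = $item.'#text' }

    [pscustomobject]@{
        Time          = $e.TimeCreated
        CorrelationId = $d['OpCorrelationID']   # one LDAP modify can emit several 5136 events
        Who           = "$($d['SubjectDomainName'])\$($d['SubjectUserName'])"
        Object        = $d['ObjectDN']
        Class         = $d['ObjectClass']
        Attribute     = $d['AttributeLDAPDisplayName']
        Operation     = $OpType[$d['OperationType']]
        Value         = $d['AttributeValue']
    }
}

# Replacing an attribute value normally logs a "Value Deleted" (original) and a
# "Value Added" (current) event sharing one correlation id; fold each pair into
# a single row so the report carries both values.
$report = $rows |
    Group-Object CorrelationId, Object, Attribute |
    ForEach-Object {
        $g = $_.Group
        [pscustomobject]@{
            Time          = ($g | Sort-Object Time | Select-Object -First 1).Time
            Who           = $g[0].Who
            Object        = $g[0].Object
            Class         = $g[0].Class
            Attribute     = $g[0].Attribute
            OriginalValue = ($g | Where-Object Operation -eq 'Value Deleted' | Select-Object -ExpandProperty Value) -join '; '
            CurrentValue  = ($g | Where-Object Operation -eq 'Value Added'   | Select-Object -ExpandProperty Value) -join '; '
        }
    }

$report | Sort-Object Time | Export-Csv -NoTypeInformation -Path $ReportPath
$report | Format-Table -AutoSize
Write-Host "Wrote $($report.Count) change records to $ReportPath"
```

Scheduling this script (for example with a scheduled task) and keeping the CSV files gives a simple, reviewable change history; the same pattern applies to file-access events (ID 4663) on a file server once object access auditing is enabled there.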
Automate where possible
You should also automate compliance reports for company policies, government regulations and industry standards to please the powers that be and maintain operational efficiency.
Where applicable, automatically resolve noncompliant security configurations and safeguard both user and customer data through separation of duties. This will also make more effective use of time, resources and manpower involved with regulatory compliance demands by making such processes a natural function of the network.
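As an added illustration of the automation these two sections recommend (this script is not from the article or from any product it mentions), the PowerShell below compares a machine's audit policy against a small baseline, optionally repairs any subcategory that has drifted, and writes a compliance report that records the original and the verified current setting. The baseline subcategories and the report path are assumptions chosen for this example; the `auditpol` commands it calls are standard Windows tooling and need an elevated session.

```powershell
# Added example (not from the original article): audit-policy compliance check
# with optional remediation and a CSV report. Run in an elevated PowerShell session.
param(
    [switch]$Remediate,                                       # without it: report only
    [string]$ReportPath = "$env:TEMP\audit-compliance.csv"    # assumed: report location
)

# Assumed baseline: the subcategories that change tracking and access auditing rely on.
$Baseline = @{
    'Directory Service Changes' = 'Success and Failure'
    'Audit Policy Change'       = 'Success and Failure'
    'File System'               = 'Success and Failure'
    'User Account Management'   = 'Success and Failure'
}

function Get-AuditSetting([string]$Subcategory) {
    # "auditpol /get ... /r" prints CSV with "Subcategory" and "Inclusion Setting" columns.
    $csv = auditpol /get /subcategory:"$Subcategory" /r |
        Where-Object { $_ -ne '' } |
        ConvertFrom-Csv
    return $csv.'Inclusion Setting'
}

function Set-AuditSetting([string]$Subcategory, [string]$Required) {
    $success = if ($Required -match 'Success') { 'enable' } else { 'disable' }
    $failure = if ($Required -match 'Failure') { 'enable' } else { 'disable' }
    auditpol /set /subcategory:"$Subcategory" /success:$success /failure:$failure | Out-Null
}

$report = foreach ($name in $Baseline.Keys) {
    $required = $Baseline[$name]
    $before   = Get-AuditSetting $name
    $after    = $before

    if (($before -ne $required) -and $Remediate) {
        Set-AuditSetting $name $required
        $after = Get-AuditSetting $name   # re-read so the report shows the verified state
    }

    [pscustomobject]@{
        Checked       = Get-Date
        Subcategory   = $name
        Required      = $required
        OriginalValue = $before
        CurrentValue  = $after
        Status        = if ($after -eq $required) { 'Compliant' }
                        elseif ($Remediate)       { 'Remediation failed' }
                        else                      { 'Noncompliant' }
    }
}

$report | Export-Csv -NoTypeInformation -Path $ReportPath
$report | Format-Table -AutoSize
```

Running it without `-Remediate` from a scheduled task gives the recurring report; running it with `-Remediate` turns drift correction into a routine function of the network rather than a manual chore. In a domain, the settings themselves are best delivered through Group Policy so that local changes are overwritten at the next refresh.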
Thankfully, the storage market is constantly evolving and there are many configurations and options to suit any combination of needs. Storage devices are getting smarter and more secure, the best being able to integrate with existing security and compliance frameworks. Buffalo Technology Inc.'s TeraStation Pro, for example, is a good, entry-level, low-cost product that can integrate with Active Directory.
Use as much in-house knowledge and existing resources as possible to minimize the amount and cost of compliance or security-related expenditures. While some companies invest considerable money and effort on external security analysts, compliance experts, relevant software, supportive hardware and all available manpower, SMBs must learn to make the most of what they've got.
Justin Korelc is a longtime Linux hacker and system administrator who concentrates on hardware and software security, virtualization and high-performance Linux systems.