The Business Case for Auditing Your Servers

It is interesting that when I talk to IT professionals and ask them about their security and compliance requirements for their server infrastructure that in some instances IT pros tell me that auditing their server infrastructure doesn’t apply to their organization or they can kick the proverbial can down the road. I can understand that sentiment if their organization was a small-to-medium sized business that may not be a public company and have to deal with SOX, or not in a well regulated industry that has to deal with HIPAA or FERC/NERC, but when an larger organization that is in a regulated industry states that they don’t need auditing on all their servers it seems a bit of evangelism is needed to get customers to realize that it is in their best interest to do so. I would also argue that this same evangelism should be considered by smaller organizations. In this blog post and a few others to follow I am going to talk a bit more about auditing, and in this one will discuss the business needs for auditing your servers.