Legal Aspects

Increasing interconnection poses an enormous challenge to security 

Configuring complex systems such as an Active Directory involves the difficult task of keeping a permanent overview of these systems. Systems and users are interlinked in groups, which are then the basis for, e.g., the allocation of rights, resulting in a complex, dynamic, growing and sensitive system. Changes to this system are therefore of particular importance.

This security problem is compounded by the fact that Active Directories normally offer very few ways to control and monitor the policies which have emerged on their own and which result in the actual access options to files, directories and other resources.

In addition to technical conditions and problems, legal aspects must also be taken into consideration. Current and planned legislation includes requirements with regard to data storage, making the management of current structures even more complicated.
As a result, all event information of all systems has to be protected!

Until today, the desire for better security and for more information about who accessed which files and when was mostly internally driven. However, as organisations and senior executives are nowadays more and more frequently held responsible for loss of information or for incomplete and insufficient security precautions, it is very important for IT administrators to familiarize themselves with the internal and external guidelines which might be applicable to their environment. Internationally operating enterprises are forced to handle even more complex data protection issues, as in addition to German and European guidelines, the laws and regulations of other economic areas have to be adhered to.

Laws and regulations in Germany

In Germany, relevant laws and regulations are (amongst others):

  • Federal Data Protection Act ("Bundesdatenschutzgesetz" BDSG)
  • Law on Monitoring and Transparency in Businesses ("Gesetz zur Kontrolle und Transparenz im Unternehmensbereich" KonTraG)
  • Stock Corporation Act ("Aktiengesetz" AktG)

Relevant regulations in the USA

Furthermore, legal regulations in the USA play an important role for an increasing number of companies, for example:

  • Sarbanes-Oxley Act of 2002 (SOX)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Electronic Discovery (eDiscovery)
  • Federal Information Security Management Act of 2002 (FISMA)
  • Federal Information Processing Standards (FIPS)

Senior Executives are to assume liability

The issue of personal liability is of particular importance. Should management or the board of directors fail to meet their obligations with regard to the security and protection of assets, causing financial losses, this might result in personal liability and direct compensation for damages for both management and the board of directors.

VA Audit is the solution!

The VA Audit product line enables you to comply with legal and practical requirements for risk prevention as well as legal regulations of the Federal Data Protection Act. With VA Audit, you can easily and efficiently implement all necessary logging and auditing of your Active Directory.

 
