
Making Compliance Less Reactive


Written by Kachina Shaw
Nov 25, 2013

Too often, IT’s responsibility in compliance efforts turns into a repetitive, reactive stance, ruled by auditor demands, updates to regulations or tools, or any project that pops up to create a crisis-type demand for data. Just today, for example, IT Business Edge’s Mike Vizard reported on major changes to the PCI 3.0 specification that will increase the burden on IT for testing and reporting.

Tim Sedlack, senior product manager, and Todd Peterson, product marketing manager, Quest Software, have developed a list of five tactics for operating from a less reactive stance and accelerating the path to successful compliance audits of all kinds, illustrated in this slideshow. In addition to the slideshow's advice on the five tactics, Sedlack and Peterson provided more detail on how to make sure all possible preparation is in place to simplify compliance responses, no matter the source.

Deprovisioning: It’s not just about somebody leaving the company. It’s just as important for people moving around in the company, to ensure that access is appropriate for their new role and that they don’t carry inappropriate holdovers from previous roles. Automate provisioning and de-provisioning so that when an employee’s status changes in an authoritative data source (for example, the HR system), access is immediately and completely terminated for leavers and adjusted to the new role for movers. Then, unify identities so fewer places must be de-provisioned and the risk of orphaned accounts is reduced.
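The joiner/mover/leaver reconciliation described above, as an added illustration that is not code from the article or from Quest Software: the HR roster is treated as the authoritative source, a directory export is compared against it, and the output is the set of corrective actions (disable leavers, strip holdover group memberships from movers, flag accounts with no HR owner). The role-to-group mapping, HR feed and directory export are constructed sample data; in a real deployment they would come from the HRIS and directory APIs.

```python
"""Reconcile directory accounts against an authoritative HR roster.

Added illustration, not code from the article or Quest Software.
ROLE_GROUPS, HR_ROSTER and DIRECTORY are constructed sample data.
"""
from dataclasses import dataclass, field

# Constructed: which directory groups each job role is entitled to.
ROLE_GROUPS = {
    "accounts-payable": {"erp-ap", "vpn"},
    "treasury": {"erp-treasury", "vpn", "bank-portal"},
    "it-ops": {"vpn", "domain-admins"},
}

# Constructed HR feed: the authoritative view of who works here and in what role.
HR_ROSTER = {
    "alice": {"status": "active", "role": "treasury"},          # moved from accounts-payable
    "bob": {"status": "terminated", "role": "accounts-payable"},  # leaver
    "carol": {"status": "active", "role": "it-ops"},
}

# Constructed directory export: account state and current group memberships.
DIRECTORY = {
    "alice": {"enabled": True, "groups": {"erp-ap", "erp-treasury", "vpn", "bank-portal"}},
    "bob": {"enabled": True, "groups": {"erp-ap", "vpn"}},
    "carol": {"enabled": True, "groups": {"vpn", "domain-admins"}},
    "svc-legacy": {"enabled": True, "groups": {"domain-admins"}},  # no HR record at all
}


@dataclass
class Actions:
    disable: set = field(default_factory=set)          # accounts to disable outright
    remove_groups: dict = field(default_factory=dict)  # account -> groups to strip
    add_groups: dict = field(default_factory=dict)     # account -> groups still missing
    orphaned: set = field(default_factory=set)         # accounts with no HR owner


def reconcile(hr, directory, role_groups):
    """Return the corrective actions needed to bring the directory in line with HR."""
    actions = Actions()
    for account, state in directory.items():
        person = hr.get(account)
        if person is None:
            # Nobody in HR owns this account: the classic orphaned account.
            actions.orphaned.add(account)
            continue
        if person["status"] != "active":
            # Leaver: terminate everything, not only the access we remember granting.
            if state["enabled"] or state["groups"]:
                actions.disable.add(account)
                actions.remove_groups[account] = set(state["groups"])
            continue
        entitled = role_groups.get(person["role"], set())
        extra = state["groups"] - entitled    # holdovers from a previous role (mover)
        missing = entitled - state["groups"]  # role entitlements never provisioned
        if extra:
            actions.remove_groups[account] = extra
        if missing:
            actions.add_groups[account] = missing
    return actions


if __name__ == "__main__":
    result = reconcile(HR_ROSTER, DIRECTORY, ROLE_GROUPS)
    print("disable:", sorted(result.disable))
    print("strip groups:", result.remove_groups)
    print("add groups:", result.add_groups)
    print("orphaned:", sorted(result.orphaned))
```

Running this on the sample data disables bob, strips alice's leftover `erp-ap` membership from her old role, and reports `svc-legacy` as orphaned; the point is that every account in the directory is checked against HR, not only the ones a ticket happened to mention.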

Privileged Accounts: You really should be auditing everybody, privileged and unprivileged users alike. You want to know what everybody’s doing, not just a few.

Limiting Access to Critical and Controlled Resources: As you limit access to critical and controlled resources, also make sure you track, and can receive reports and real-time alerts on, changes to those resources, failed access attempts, and changes to their permissions.

Codifying Controls: Reports not only should cover the static state of who has rights to what and the policies that control those rights, but also who does what with those rights – and especially who tries to do something that falls outside of approved activity.
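The two preceding points, tracking failed attempts and permission changes on controlled resources and reporting both the static rights and the activity that falls outside them, can be driven from one codified policy table. The following is an added example, not code from the article or Quest Software: the policy, the resource names and the audit-log lines are constructed, and the log format is an assumed key=value style standing in for whatever the real access-control system emits.

```python
"""Entitlement report and activity check from one codified policy.

Added illustration, not code from the article or Quest Software.
POLICY and LOG are constructed; the key=value log format is assumed.
"""
import re
from collections import defaultdict

# Constructed policy: (principal, resource) -> actions that are approved.
POLICY = {
    ("alice", "cardholder-db"): {"read"},
    ("carol", "cardholder-db"): {"read", "write", "grant"},
    ("carol", "payroll-share"): {"read"},
}

# Constructed audit lines in an assumed "timestamp key=value ..." form.
LOG = """\
2013-11-25T09:01:02Z actor=alice resource=cardholder-db action=read result=success
2013-11-25T09:03:10Z actor=alice resource=cardholder-db action=write result=denied
2013-11-25T09:04:44Z actor=bob resource=cardholder-db action=read result=denied
2013-11-25T09:10:00Z actor=carol resource=cardholder-db action=grant result=success target=bob
2013-11-25T09:11:30Z actor=bob resource=cardholder-db action=read result=success
2013-11-25T09:15:00Z actor=carol resource=payroll-share action=write result=success
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_line(line):
    """Turn one log line into a dict; None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": m.group("ts")}
    for tok in m.group("kv").split():
        key, _, value = tok.partition("=")
        rec[key] = value
    return rec


def entitlement_report(policy):
    """Static view: for each resource, who holds which approved actions."""
    by_resource = defaultdict(dict)
    for (who, res), actions in policy.items():
        by_resource[res][who] = sorted(actions)
    return dict(by_resource)


def activity_findings(policy, log):
    """Dynamic view: events worth reporting, each tagged with a finding type.

    failed_attempt         - access denied (someone tried something they lack)
    permission_change      - a successful grant on a controlled resource
    out_of_policy_success  - something succeeded that the codified policy
                             does not approve, i.e. effective rights have
                             drifted from the policy of record
    """
    findings = []
    for line in log.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        allowed = policy.get((rec["actor"], rec["resource"]), set())
        if rec["result"] == "denied":
            findings.append(("failed_attempt", rec))
        elif rec["action"] not in allowed:
            findings.append(("out_of_policy_success", rec))
        if rec["action"] == "grant" and rec["result"] == "success":
            findings.append(("permission_change", rec))
    return findings


if __name__ == "__main__":
    for res, holders in entitlement_report(POLICY).items():
        print(res, holders)
    for kind, rec in activity_findings(POLICY, LOG):
        print(kind, rec["ts"], rec["actor"], rec["resource"], rec["action"])
```

On the sample log this reports alice's denied write and bob's denied read as failed attempts, carol's grant to bob as a permission change, and then two out-of-policy successes: bob reading the cardholder database after that grant (the effective permission changed but the policy of record did not) and carol writing to a share where she is only approved to read. The last two are the findings an auditor will ask about, and they only surface because activity is checked against the same table that produces the static rights report.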
