Skip to main content

IT auditing 'should be automated and flexible'

Rachel Wheeler Archive
Audit testing processes for data management and IT operations need to be automated and flexible, according to one expert.

Michael Hamelin, chief security architect with security lifecycle specialists Tufin Technologies, believes that most IT auditing processes do not go much further than a box-ticking exercise.

Part of the reason for this, Mr Hamelin explains, is because customized security audits are labor-intensive. Ideally, the process should be automated to reduce this burden, while being flexible enough to adapt to technological advancements.

He goes on to suggest that external testing is another area that is often overlooked: "External testing targets a company's externally visible servers or devices including domain name servers, email servers, web servers and firewalls, with the objective being to discover if an outside attacker can get in and how far they can get in once they've gained access."

Phil Wainewright, vice-president at EuroCloud, believes that incorporating virtualized storage into data management processes can free-up resources for other IT processes, such as auditing.

Posted by Paul Newton