Of course, outside requirements come into play too. Although there's no magic bullet that will make your organization compliant with HIPAA, the Gramm-Leach-Bliley Act or ISO 17799, you can interpret applicable portions of the regulations into policies that can then be enforced and monitored (see "Complying With the Feds"). Our motto: Speak softly and carry a big yardstick.
Let's Focus
Sheer volume and complexity can make monitoring servers and desktops a nightmare. If you're a Windows-only shop and your desktops and servers are in a domain or Active Directory tree, Windows' Group Policy Object or SMS (Systems Management Server) might be sufficient to ensure policy compliance. However, once an environment becomes even slightly more complex, the task of monitoring becomes much more difficult.
We talked with an IT manager from a multinational petroleum company that deploys more than 4,000 servers and 70,000 workstations worldwide. Although many of these hosts are Windows computers spread across multiple domains, a number of servers and workstations are standalone. Even with tools embedded in Windows and an SMS deployment for desktop management, this organization spent a lot of time writing scripts to gather data from hosts across the network and used Excel spreadsheets to generate reports. A system engineer devotes one weekend per month to running reports--on topics such as disk usage, service pack and patch levels, and security policy configuration.
On the other end of the spectrum, a small hospital with 2,000 workstations, 40 servers, and an IT staff of five needed a view of workstation and server configurations and wanted to create reports showing user access in the file system and tracking access to specific files across the network. It needed to query configuration on Novell's eDirectory and NetWare 6, and Windows 2000 and NT servers and desktops, but did not have the developers to write custom scripts--it wanted a COTS (commercial, off-the-shelf) product.