As I mentioned in my previous blog post, I used to run a small encryption team at a large organization before I came to work for WinMagic. One of the key responsibilities we had was to generate FISMA (Federal Information Security Management Act) compliance reports for NIST SP 800-53, AC-3 and SC-13 controls. What does that mean? Essentially, these are reports that ensure key security standard requirements are met within the organization for Government regulatory purposes.
When we had to go through this exercise, we had to begin two weeks prior to our reporting deadline. The reason we had to start so early was due to the fact we had five different teams, managing five different pieces of software, and had to compile all the data from these disparate systems. To ensure the compliance report was accurate took time because of the way all these independent systems were managed.
This how it typically worked:
- Start with Asset Management. This team pulled their information into our custom-made Access Database to get all of the baseline data of the devices that were on record.
- Move to Active Directory. This team would pull a list of devices that were registered and pull them into the same custom database.
- On to Mac Encryption. This team would provide the data on the encryption status of all Mac OS X devices and add this to the database.
- Deployment. After working with the three previous teams, we’d go to the Deployment Team to identify systems that were scheduled to get the Windows deployment package and then, yes, you guessed it, import that information into the database.
- From there, I’d go to my team and export all the information we had access to and import that into this master database.
For those keeping score, that’s a lot of information on a lot of systems coming from a lot of groups. It wasn’t the least bit efficient and very challenging and time-consuming and the best part? We weren’t done yet!
Once we had all the different data sources consolidated from the five different management teams and their corresponding consoles, we had to write a VBA code that would compare and compile all the information for FISMA.
The funny thing is, this still happens today. Organizations have different systems to manage different devices. It’s a largely inefficient way to manage this kind of information and really creates unnecessary cycles for administrators.
It’s one of the key reasons we’ve tried to close that disparate system gap with SecureDoc 6.1. While we’re not a pure-play MDM provider, we’ve now incorporated the management of mobile devices other than laptops into our management console. This means that administrators can use the main SecureDoc web console to run reports like this. With SES Web, we can identify: laptops, desktops, iPhones, iPads, Android phones and Android tablets, windows and Mac devices… it doesn’t matter; we can see the encryption status of all of them through one console.
Something that used to take me two weeks to get done can now be done in hours. This type of time and cost savings is invaluable to customers and to the sanity of IT administrators everywhere.
Click here for more information on how SES Web can help you!