Most organizations know the importance of regular IT assessments to manage the security of their organization, but simply don’t have the time, money, or manpower to perform one—or they may not know where to start. If that sounds like you, here are some questions to help you get started.
Six IT Assessment Questions to Ask
1. Are compliance regulations being followed?
If you’re operating in the cloud and your organization needs to adhere to regulations for government (CJIS), healthcare (HIPAA), credit card transactions (PCI DSS), or overseas operations (GDPR), you’ve probably already chosen a provider that offers compliance for one, some, or all of these. And although cloud providers should understand the regulations their clients are held to, ultimately achieving cloud compliance is up to you. So, performing a cloud audit and comparing the results against the regulations is a must (a reputable provider will make the process easier for you). Now, if you’re operating on your own on-premises servers, you’ll need to audit yourself for regulatory compliance, a time-consuming but necessary task.
2. Are any systems causing major inefficiencies?
Inefficiencies can cost money, lessen productivity, and impact business performance (in turn affecting customers and their perception of your organization). So, a thorough check of systems should be performed to see where inefficiencies may lie. For example, siloed data sources could be eating up a lot of resources, making managing process-flow and operations very tedious; your IT analysis may determine that it would be beneficial to utilize a data pipeline to consolidate sources and improve visibility company-wide.
3. Is all software up to date?
If you’re working with a cloud provider, this should be a quick check. Per most SLAs, updates, patches, and license renewals are done automatically. However, if you’re maintaining some software onsite, your audit should involve examining software licensing agreements to ensure there are no potential legal issues lurking due to piracy, infringement of copyrights, etc. You’ll also want to be sure there is no unused software running, as this can cost thousands per year.
4. Which workloads are in the cloud, and which may move?
Maybe you’re one of those companies that have already fully migrated to the cloud to take advantage of cost savings, virtual and physical security, IT expertise, and more; maybe you’re more comfortable keeping some data closer to home, and have only moved some operations off-site, taking advantage of a hybrid cloud solution; or perhaps you’re still completely on-site. With an IT analysis—no matter which solution you’ve chosen—you may be able to determine that moving more workloads to the cloud could benefit your organization (or, conversely, that moving some workloads back on-premises, known as cloud repatriation, would be in your best interest). Only a proper audit can help identify what’s best for your organization. (If you do decide to migrate more workloads to the cloud, check out our Cloud Migration Infographic.)
5. Are proper security and recovery protocols in place?
Despite the increase in data breaches, many organizations still view security as a cost, rather than an investment. If that sounds like your organization, a thorough security check needs to be performed as part of your IT analysis to ensure your data—and that of your customers—is safe. The analysis should include checking that your infrastructure is continually updating, replicating, and performing backups. Archiving should also be performed to support backup operations. This is done by prioritizing information to determine its criticality and whether it needs to be produced more or less frequently. It also eliminates the waste and expense of backing up non-vital emails, attachments, video, and other data contributing to data volume. If the organization comes up short, it may be time to invest in technologies that ensure resiliency, recovery, and restoration.
6. Are onboarding and regular IT training in place?
The number one cause of a data breach is human error, so employee education cannot be stressed enough. Your audit should turn up how often employees are trained, and what they’re learning, such as how to treat suspicious emails and links, password security, social media policies, and more. Special training may also be required for remote employees. If they’re not trained enough, or the curriculum falls flat, a retooling of the process should be considered.
Need Help with Your IT Assessment?
You can learn more about the ways in which an IT audit can bring about change to your organization by downloading our free eBook. If the task still sounds daunting, DSM can help. Talk to an IT security expert about getting a free IT assessment for your organization today.