The Gap Finds an IT Tool That Saves Time and Money
ID management tools help system administrators simplify user access to Unix, Linux systems. Part 2 of 5.
Tue, July 29, 2008
CIO — Welcome to Part 2 of our 5-part series on IT cost cutting. Each installment looks at money-saving IT projects that you can replicate, from Gap, Lafarge, Title Resource Group, the U.S. Department of Defense and Washington Mutual.
E-mail CIO.com writer Kim S. Nash and tell her about your money-saving project. Be sure to say how much the effort cost, what the financial returns were and how soon you saw them. Bonus points for projects implemented in three months or less, with substantial returns within a year. Your project may be featured in a story on CIO.com or in CIO magazine.
Compliance. You can't avoid it and you can't keep failing it. The best you can do is make it cheaper and easier and good enough to pass audits.
Anyone trying to comply with PCI and Sarbanes-Oxley regulations knows that passing an audit hangs on demonstrating that you control employee access to sensitive customer and financial data.
So it was at Gap Inc. Direct, which oversees the e-commerce efforts of Gap, Banana Republic, Old Navy and shoe outlet Piperlime. But controlling access wasn't simple in a mixed environment of mainly Unix servers, including Linux, and various Microsoft Windows operating systems.
Gap Inc. Direct uses Microsoft's Active Directory administrative tools. Among other features, Active Directory lets system administrators grant and control end-user permissions more easily than many Unix tools, says Jeff Arcuri, a senior manager of IT at Gap Inc. Direct.
Active Directory by itself doesn't support Linux or Unix, so Gap's system administrators ended up having to assign employee permissions individually for access to different databases and applications, depending on the work each employee needed to do.
When it came time for PCI and SOX audits, auditors or system administrators had to collect the server logs manually to show who accessed what files when, for hundreds of servers. They could automate bits of the process with custom scripts, but start to finish, the ordeal still required up to 10 people working at least part-time on every audit, Arcuri says.
To automate more of the process and free up systems administrators for more valuable work, as well as make user access permissions in this mixed operating environment simpler, Arcuri deployed an identity management tool from Likewise Software. The software installation took about three months early this year and involved two to five system administrators at various points, Arcuri says. Installing identity management systems can help a company enforce policies for who can see what data.