Case Study: Skeletons in the IT Cupboard
How an IT audit inadvertently exposed the unsettling reality
ACEHOBA had been engaged with this professional services client for approximately a year, providing web design, training and procedural services.
During that time, their IT support provider had upgraded the entire network. The project was plagued by delays and unfulfilled promises and, as a result, the client undertook a review of their IT support arrangements.
ACEHOBA was commissioned to provide an independent audit of their IT systems and devise a disaster recovery plan.
We audited the entire network infrastructure: the logical mapping of the local area network; the configuration of the server and desktop environment, paying particular attention to security; software licenses; hardware warranties; spare capacity; performance issues; and backup arrangements, to mention a few.
ACEHOBA presented the findings to senior management, identifying the issues which required attention and making recommendations on how to resolve them.
We established very early on that critical assets had been sold as new when they were in fact old, and that the hardware casing had been changed to suggest a different model. The IT support provider had issued fake warranties on these assets.
Software license keys the client had paid for were registered to another local company.
Basic security considerations were absent: for example, the firewall rules were contradictory, allowing easy access to anyone who cared to try. When asked to provide system administrator passwords, the supplier admitted they did not keep any records and, as a result, were guessing them, suggesting that passwords may be recycled among more than one client.
In conclusion, while the client's IT systems were functioning, the audit revealed the high risk to which the business was exposed without the knowledge or approval of senior management. We implemented new security controls, both logical and through new devices. The client purchased valid software licenses and has had to replace failed assets and buy new parts. A disaster recovery plan was devised, taking into account the reality of the IT infrastructure.
Understandably, the results of the audit were unpleasant for all concerned, and the client felt they could no longer continue the relationship with the IT support provider. We helped them take proactive action and regain control of the risks to which their business was exposed.

