Background : A SOX compliance audit is a measure of how well your company manages its internal controls. We are working with our customer in ensuring that proper controls are in place to prevent data breaches and have tools ready to remediate incidents should they occur. As part of this, we are engaged in auditing active directories of our customer for the active directories comparing the employee data from HR applications.
Customer is having 4 different active directories for their companies and also there is a master active directory which contains all the directories. The information will be flowing from the master active directory to other directories in specific time frames and intervals. They have two different platforms for managing the employee data in addition to prehire from an external service
They want to audit each directory for user access related rules, mismatch and access difference between the domains etc, in making sure the each user is having only required permission at required domains for the required period depending on the employee data from HR and prehire application
Execution : The audit involves in making configurable audit rules and its actions using expressions in a real time without needing to compile and deploy. Audit should be able to send the report in the excel format to the required people/groups and also create an incident in servicenow giving the details so that the specific team can act on it.
This was really challenging project in handling the huge amount of data of a big company and that handling multiple active directories and connecting multiple platoforms. This required us to look every bit of code in a very optimized way such that we dont make unnecessary calls to DB and active directories and the code should be really optimized and well written. Apart from this querying for the active directory servers and fetching paged data and handling it properly. Also managing the queues effectively and using parallel programming for efficient handling and then connecting multiple platoforms.
The other challenges is being able to add dynamic rules and actions. We have to make this in a modular way such that we can add/modify the required active directories. We have used some of the advanced concepts in c# like expression evaluators.
Tools & Technologies: C#, MVC, Windows Service, Entity framework, MVC, Smart Thread Pool, People Soft, ServiceNow, ICIMS