HP has enhanced OpenView to allow data from other OpenView tools to be brought together and re-used for compliance and auditing purposes.
Called OpenView Select Audit, the software is a free add-on which lets compliance become an incidental benefit of doing something that you need to do anyway -- namely automating and simplifying how you do systems and network admin, says Dave Clarke, who runs pre-sales for HP OpenView in the U.K.
He points out that advanced software tools simplify administrative tasks, often by automating them. For example, HP also announced OpenView Select Identity, which allows users to reset their own passwords via a web interface, while admins altering a user's access rights only need to make the change once and it is then pushed out to all the relevant systems automatically.
However, this automation creates new problems in other areas, Clarke says. In particular, it is why more and more network and systems admin tools are gaining change management capabilities -- tracking what happened and who did it, along with a digital signature and timestamp.
"Change management is a very strong trend in this area," Clarke says. "It's a process that supports the people who have to make changes, but it also provides a data repository for the policy staff and auditors.
He says that because Select Audit can draw upon change management data that already exists, it means that no extra work is required to generate compliance data.
HP says that Select Audit's includes an HP Labs-developed modelling framework, which maps IT audit controls to compliance guidelines. It integrates with HP OpenView's identity and access control tools for security auditing, and also features reporting tools designed to meet the requirements of regulations such as Sarbanes-Oxley.
"Policy-based controls are fantastic, but you now have a separate constraint coming in from the side which is compliance," Clarke adds. "More powerful management tools give you easier changes, but then you have to beef up the audit trail and show your managers and auditors the mapping between your stated policies and the measurements coming up from what's really happening."