Comprehensive IT audit using the example of a client from the tourism industry

About the customer

Our client is a leader in the field of detailed online terrain maps, which are used by thousands of users every day. Users can access various map layers, change views, zoom in and out, mark their favorite places, and share them with others. The application itself may seem like a simple solution, but features such as route planning option and offline map usage make it an incredibly useful tool. To improve the application and ensure data security, we conducted an audit of the IT infrastructure.

Services

• infrastructure audit

Challenges

IT audit involves a systematic and independent examination of an organization’s infrastructure, systems, processes, and information security policies. Audit in an organization aims to assess compliance with regulations, identify risks, detect weaknesses, and ensure compliance and optimization of activities related to information technology.

The client approached us with a server that was running out of available disk space. The infrastructure audit aimed to assess whether infrastructure expansion would be necessary, which would incur additional costs.

Solutions

In order to propose effective improvements for the client’s IT environment, we conducted an analysis of the existing system’s operations. We identified key areas that were affecting the smoothness and performance of the client’s website. Our goal was to find a solution that would deliver visible results in terms of cost optimization and increased security level.

During the audit, we focused on the following points:

• We noticed room for optimization in MySQL (MariaDB). By adjusting the database configuration, we improved its performance and efficiency, resulting in better query execution and shorter response times.
• The lack of properly enabled logging prevented capturing heavy SQL queries. We recommended implementing robust logging mechanisms to track and analyze SQL queries, enabling better issue resolution and performance optimization of the database.
• We proposed a solution with high optimization potential in terms of storage space, backup creation processes, and loading time. This involved migrating the resource-intensive component to the cloud, which would free up space, improve backup efficiency, and shorten loading time.
• During the analysis, we noticed errors in the process of automated database backups creation. We pointed out key areas that require improvement to ensure the reliability and efficiency of backup operations, minimizing the risk of data loss.
• We thoroughly analyzed the available testing environment on the server and proposed changes aimed at increasing its resilience to potential failures. By implementing appropriate security measures and backups, we aimed to protect the server from unexpected outages and mitigate the impact of potential disruptions.

Effects

The key benefit resulting from the analysis is the significant potential for optimizing the client’s server. Thanks to the suggestions from our technical team, the client will not need to expand their server infrastructure, and their IT environment will be sufficient for the current needs of the service. The proposed changes, after a thorough analysis, will have an impact on the security of information. They will also increase the performance of the website, reducing page load time, which will contribute to improved SEO of the site and reduced bounce rate.

Remember, the infrastructure audit aims to detect any potential vulnerabilities, security gaps, and irregularities in information systems. As a result, the audit allows for an assessment of whether IT systems meet the relevant regulatory requirements related to the protection of personal data and privacy.