Manage and Track Code Changes
SourceAnywhere Standalone
I’m a developer, and I’ve been writing code since 1979. I’ve never been a project
manager (I usually hire one) and prefer to write code myself. I had been using
Microsoft Visual Source Safe (VSS) for some time, but VSS began driving me
crazy. At one point, we were a team of eight using VSS all day, every day, to help
us convert between Microsoft Visual FoxPro and VB.NET. VSS was corrupting its
“database” weekly—and I truly object to calling files in a directory structure a database—
and I was spending too much time rebuilding it. I had to spend hours every
week fighting with VSS, and often had to rebuild it from scratch. I began looking for a
better solution and did an Internet search for “source code control.” SourceAnywhere
Standalone (SAS) came up, so I gave it a try. That was sometime in January 2005, and
I’ve been using SAS every since.
Installation was straightforward: I followed the installation
instructions, and it worked the first time. I’ve always
felt that a source code manager needs to be unobtrusive
and practically transparent, to the point that the user
doesn’t even know it’s there, and I feel that way about SAS.
It doesn’t get between me and the primary job, which is
making code work. SAS is faster than a bandit, the interface
is intuitive and easy to understand, and it doesn’t break. I
also like the idea of using SQL Server to store repository
data—it’s what a database is for. This is the source code
management tool I was looking for.
Reader:
Les Pinter
Founder,
Pinter Consulting
Product:
SourceAnywhere
Standalone
Company:
Dynamsoft
Contact:
Dynamsoft.com
Manage and Secure Unstructured Data
Varonis Data Governance
I work as the information
security officer for the
Children’s Hospital of
Wisconsin, and I was looking
for a software solution to
help maintain compliance
with the Health Insurance
Portability and Accountability
Act (HIPAA), which regulates
our use of patient information.
Because we have patient
information on Windows file servers, we not only have to ensure that
only the appropriate people have access to the information but also
have an audit trail of access to the information. Turning on file-level
auditing on Windows servers isn’t an option (due to the resources
that would be consumed), so I needed an alternative solution. I also
needed a way to view user and group permissions across resources, in
a concise format.
A VAR that the hospital works with brought Varonis Data Governance
to my attention. I’ve worked closely with this partner, who
understands the hospital’s needs and regulatory requirements, so the
VAR was sure I would be interested. After choosing to go with Varonis, I
found the installation to be very easy. I worked with Varonis before the
implementation to make sure that the hospital’s server and SQL setups
met the system requirements. Because everything was in place, installing
the system engine and client software took less than an hour.
Some of my favorite features include the ability to record all access
to unstructured Windows resources in an efficient manner. The hospital’s
storage requirements for the audit logs will amount to only a few
gigabytes per year, so there’s no question about efficiency. The ability to
play out “what if” scenarios with group permissions is also very useful.
I can alter group permissions and instantly see the impact on individual
users without actually making the change. The ability to identify unused
accounts, excessive permissions, unusual or excessive access patterns,
and access patterns for individuals that don’t match their group patterns
are also great features.
No product is perfect, and I’d like to see Varonis add some new
features. It would be great if IP addresses of users accessing resources
could be logged. I know Varonis does this for NetApp devices, but the
IP address isn’t available when other storage devices are used. I asked
Varonis about this shortcoming, and it seems to be a technological challenge—
the product can report only the information it intercepts from
system calls, and this information isn’t always available. I’d also like to
see information from Active Directory (AD) logs included in reporting,
which I think is actually planned for a future release.
Reader:
Chuck Klawans,
Information Security
Officer
Product:
Varonis Data Governance
Company:
Varonis
Contact:
www.varonis.com
Manage Endpoint Security
Promisec Spectator Professional
I ’m the manager of IT security and
process at Skadden, Arps, Slate,
Meagher and Flom, a large law
firm based in New York City. We were
in the market for an endpoint security
solution, so we reviewed a number of
products produced by a variety of vendors.
We wanted the ability to monitor
the security profiles of all machines on
our network from one central location,
without affecting users’ network performance.
After reviewing the available
products, we chose Promisec Spectator
Professional.
The Spectator console installation is quick and straightforward. Once
installed, Promisec supplies you with a unique key for that host and
you’re ready to scan. Promisec has several helpful features that we use
on a regular basis. It’s a great benefit that there’s nothing to deploy and
maintain on local workstations. Another great feature is the ability to run
detailed scans during business hours with no impact on local workstations
or the network. We’ve also used Promisec to customize what’s
allowed on machines from a security perspective; a reporting function
breaks down the information we need by host machine and also
lists problematic objects. The reporting function gives us the ability to
identify problems and deal with them quickly, which is essential to our
peace of mind. Promisec updates the definitions for problematic objects
monthly, which helps us keep the latest threats off our network.
The support from Promisec has been great. The company has been
quite responsive about incorporating suggestions and requests from
users into the product. For example, we needed some sort of indication
when a person is in the local admin group on a host, and Promisec
added that feature to the next release of the product. Promisec also
added the ability to perform enhanced file searches.
Reader:
Nancy M.
Lundergan,
Manager of IT
Security & Process
Product:
Promisec Spectator
Professional
Company:
Promisec
Contact:
www.promisec.com
End of Article
