Publiceret: 6/2/2010
Visninger: 447
Bedøm casen:

Audit Bureau Qatar Audit Bureau Qatar Aims at International Recognition for High Level of Security

The Audit Bureau Qatar is in charge of auditing the entire public sector, including financial institutions funded by the government. The department, which has 200 employees, wanted to become the leading audit bureau in the region for IT security, by building a more secure and reliable infrastructure. Working with Microsoft Services, the bureau underwent an initial review to resolve immediate priorities and then agreed a technology roadmap for a comprehensive security programme, deploying mainly Microsoft technologies. The products already implemented include the Active Directory service, Hyper-V virtualisation technology, and Microsoft SQL Server 2008 data management software. These technologies interoperate with the bureau’s network services and other third-party products. The organisation is now well on the way to achieving accreditation with an internationally recognised security standard.


The Audit Bureau Qatar is responsible for the independent auditing of ministries and other public sector bodies, including the country’s sovereign wealth fund, the Qatar Investment Authority. This mandate involves accounting for all government revenues and expenditure, ensuring that tenders and contracts comply with regulations, and verifying and publishing final accounts. The bureau—an active member of the International Organisation of Supreme Audit Institutions—also recommends any changes it believes necessary to accounting procedures, policies, and systems across government bodies in Qatar.

As a strong advocate for the use of IT—both for automation of in-house work and as an audit tool—the bureau wanted to build a

* Together with Microsoft Services, we’ve helped ensure that highly sensitive government data—both internal and external—is in a secure environment and safe from attack. *

Mahmoud Albatarni,
President’s Office, Audit Bureau Qatar

more secure and reliable environment. Its long-term strategy is to develop and implement a scalable architecture based on a defence-in-depth security model.

Mahmoud Albatarni, IT Expert, President’s Office, Audit Bureau Qatar, says: “Data and transaction security is of paramount importance in this age of rapidly expanding commercial and government computer networks, and the emerging Internet economy in Qatar. The inherent challenges of security have become a top priority for all supreme audit institutions—Qatar is no exception.”

Microsoft security products detected 43 per cent more malware and unwanted software in the Gulf states in 2008 compared to 2007, and Microsoft is strongly committed to working with customers in Qatar. Microsoft opened its Qatar-based branch in 2003 and today delivers the full range of Microsoft products and services through a team of more than 20 highly qualified people.

Robin Wright, Regional Security Architect, Microsoft Europe, Middle East, and Africa, says: “In the third quarter of 2008, the Audit Bureau Qatar invited Microsoft Services to undertake a review of the organisation’s security environment, which at the time was weak. Our initial assignment involved securing the then current Windows Server 2003 environment, but the project soon developed into a much longer term relationship.”


What is now the Audit Bureau Qatar Security Programme is a joint project between the bureau and Microsoft Services, which is committed to a technology roadmap that will soon put Qatar in the front rank of supreme audit institutions worldwide. The programme comprises a sequence of small individual deployments that encompass an enterprise security architecture, security awareness programme and presentation, and continuing work on the Active Directory security implementation. The technologies also interoperate with the bureau’s Cisco-based network services and with other third-party products.

The team deployed:

  • Hyper-V. This allows the bureau to make the best use of its server hardware investments by consolidating multiple server roles as separate virtual machines running on a single physical machine. Wright says: “Without careful design, a Hyper-V implementation can leave an organisation vulnerable to security risks, but Microsoft Services ensured it went smoothly.”

  • Microsoft SQL Server 2008. Microsoft technology provides rich security features to protect databases and network resources. By clustering the bureau’s database server, Microsoft Services has delivered maximum uptime and provided robust failover capabilities.

  • Enterprise BitLocker. This is a full disk encryption Microsoft tool designed to protect sensitive data throughout the organisation.

  • Windows Rights Management Services (RMS). Microsoft Services recommended Windows RMS to help safeguard digital information from unauthorised use.

In addition to these technologies, the bureau is using Microsoft System Center Data Protection Manager 2007, which delivers unified data protection for Windows-based servers, and personal and portable computers. Another related specialised application at the bureau is Audit Collection Services, part of Microsoft System Center Operations Manager 2007. The organisation has also invested in Microsoft Public Key Infrastructure (PKI) using Active Directory services. This provides an integrated PKI that helps users secure and exchange information with strong security and easy administration across the Internet, extranets, intranets, and applications.

In a further development, the bureau has included certificate life-cycle management features in the technology roadmap using Microsoft Identity Lifecycle Manager 2007. This includes smartcards from a third-party provider, business desktop deployment, Microsoft Exchange Server 2007 host filtering, and unified communications.


Partnership with Microsoft Services has resulted in the Audit Bureau Qatar transforming its security infrastructure from weak in 2008 to becoming a leader in IT security within the Europe, Middle East, and Africa region. The organisation has deployed an interlocking suite of Microsoft security products that together meet best practice project management standards. Albatarni, on behalf of the bureau’s IT Committee, says: “The bureau previously had very simple security across all data and resources. Together with Microsoft Services, we’ve helped ensure that highly sensitive government data—both internal and external—is in a secure environment and safe from attack.”

* With the peace of mind that comes from having a secure infrastructure, we are in a better position to enrich the work experience of our employees with new collaboration tools and unified communications. *

Mahmud Albatarni, IT Expert, President’s Office, Audit Bureau Qatar

  • Partnership Transforms IT Security at Audit Bureau Qatar in Just 18 Months
    In 18 months the Audit Bureau Qatar Security Programme has transformed the security infrastructure of the organisation. It has also made staff aware of the importance of protecting the bureau against malware and hackers. Albatarni says: “Our commitment to the roadmap for technology is just one part of the success story. We’ve also raised awareness of the need for best practice within our team. This is an ongoing aim for the bureau.”

  • Audit Bureau Ready to Adopt New Technologies with Safe Environment
    The transformation of the security environment means that the bureau is ready to migrate from earlier versions of the Windows operating system to Windows 7. Albatarni says: “With the peace of mind that comes from having a secure infrastructure, we are in a better position to enrich the work experience of our employees with new collaboration tools and unified communications.”

  • Partners Work Towards Gaining International Security Standard
    Through the Audit Bureau Qatar Security Programme, the authority is seeking to achieve ISO/IEC 27001—the formal set of specifications against which organisations may seek independent certification of their information security management system. Wright says: “This will be a major step forward for us in the coming months, and it shows how far we’ve travelled in a short period of time.”

  • Microsoft Security Software Interoperates with Core Systems
    The Microsoft security suite interoperates easily with the organisation’s core business systems and network services. Albatarni says: “While working effectively with Microsoft Services, we also use Cisco network services and HP hardware. But this hasn’t created any challenges—the Microsoft security technologies are highly interoperable, and, with Microsoft Services, we have a technical partner whose strength is to focus on what we as a customer want.”

Microsoft Server Product Portfolio
For more information about the Microsoft server product portfolio, go to:

For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers who are deaf or hard-of-hearing can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234 in the United States or (905) 568-9641 in Canada. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to:

For more information about Audit Bureau Qatar products and services, visit the Web site at:

This case study is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

    Løsningen - kort fortalt

    Organisations størrelse
    200 medarbejdere


    The Audit Bureau Qatar is responsible for conducting independent audits of the accounts of all government departments and public sector bodies to ensure compliance with financial regulations and legislation.


    The bureau needed a review of its security systems with the aim of becoming a regional leader in IT security by deploying a secure architecture based on a defence-in-depth security model.


    Microsoft Services assigned its regional security architect for an initial audit followed by the deployment of multiple interlocking technologies working jointly with Audit Bureau Qatar experts.


    • Security is transformed in 18 months
    • Bureau gains safe environment for new applications
    • Partnership aims for international accreditation
    • Technologies interoperate with core systems

    Software & Services
    • Microsoft SQL Server 2008
    • Microsoft System Center Data Protection Manager 2007
    • Microsoft Identity Lifecycle Manager 2007
    • Microsoft Exchange Server 2007
    • Windows 7
    • Windows Server 2008
    • Microsoft System Center Operations Manager 2007
    • Microsoft Hyper-V
    • Microsoft Active Directory Domain Services
    • Windows Server 2008 Active Directory Rights Management Services



    • Financial Management
    • Unified Communications

    • Regulatory Compliance and Controls
    • Virtualization