Microsoft Access – Risk Migration and Management Strategy – Part 1



Sponsorship

This comprehensive risk mitigation and management protocol consists of three major components: 1) a proven approach, 2) a set of proprietary tools, and 3) IT specialists dedicated to this body of work.

Our client, for this case, is a very large customer of Microsoft, whom estimated that they had over 65,000 (that’s sixty-five-thousands) MS Access databases located across their network within North America residing within 2600 locations on a network consisting of 25 terabytes of data, mixed in with over 12.5 million other files. The client was preparing for an enterprise wide migration to Office 365 when they realized that regional divisions had operational dependencies on MS Access database applications developed by shadow IT groups dating back before the millennium and still in use today.
In a joint effort with the client’s IT group, Help4Access deployed tools designed to perform a series of network sweeps followed by progressively deeper analysis pass, after which time, a comprehensive list of IT assets was compiled whereby further analysis and what-if scenarios, could be ran.  The MS Access asset report aids in the initial outreach conversations with key business stakeholders and acts as a repository to help track each asset’s business function and impact to the organization. (Stage 4 & 5).

 

Background

The Microsoft Access database application platform is the world’s fastest rapid application development platform on the planet, having been installed on over 1.2 billion computers since its initial release in 1992. Business users and IT professionals have created simple to complex custom database applications solving critical business needs.

MS Access is a natural extension of MS Excel, and when Excel limits are reached, MS Access is the next logical tool of choice.  The proliferation of MS Access database applications grows within an organization whenever there is a gap in available commercial off-the-shelf (COTS) software solutions and business needs.  Yet, this is at the heart of business innovation and where new products and services are invented and markets and new profit streams are initially developed.

Necessity is the mother of invention, and MS Access is the fastest tool to fill the gap.

Microsoft Access comes preinstalled on a new employee’s PC and resides within the Microsoft Office Professional suite of tools. A MS Access application, in its simplest state, may consist of a single physical file. This single physical file may contain two logical layers; a front-end or user interface, and secondly, a back-end or the database portion of the application.

The front-end application may consist of one or more forms used for data entry and may also contain custom reports. Within the database portion of the single physical file, there may exist one or more tables which 1) contain data (i.e., traditional client/server), 2) links to other MS Access database applications, text files, and excel files or other heterogeneous data sources such as SQL Server, Oracle, Sybase, Teradata, DB2, Salesforce and more.

Risks

MS Access database applications often start their life outside of formal IT departments and governance processes and  are not tracked as formal IT assets. These applications don’t have official IT budgets nor is their business function documented within enterprise asset management portfolios. This lack of asset tracking and the growing dependency on these evolving business applications, leads to a hard to detect but nonetheless, a growing risk to business operations upon application failure.

Network errors, user mistakes, employee mishandling of rules and applications, software out of date, data corruptions, legacy code, viruses, malicious user behavior all threaten to jeopardize these vulnerable yet critical business solutions supporting a growing critical business function.

Microsoft Access versions older than and including 2010 are no longer supported and are technically considered legacy applications.