|
|
|
Features
< Back
Sarbanes Oxley : Technology : Identity Management
Moving Beyond Compliance to Business Value
Today?s Compliance Efforts Are Preparing Companies to Meet Tomorrow?s Business Goals
By
Sara Gates
|
|
Sara Gates
VP Identity Management
Sun Mircosystems
|
Until now, much of the attention focused on Sarbanes-Oxley compliance has been associated with making sure that companies have all the controls, processes, and tools they need to stay within the law?and to do so as efficiently and cost-effectively as possible.
And in the few short years since the passage of Sarbanes-Oxley, there has been tremendous progress toward that goal, as evidenced by many recent feature articles in this Journal about solutions for compliance challenges
Does that mean we?ll soon be coming to the end of the road when it comes to dealing with compliance?
Hardly.
Once companies get to the point that compliance-related activity has become a seamless part of everyday business, they?re ready to turn to the corner and greet the next challenge: transforming compliance from a necessary evil to a welcome opportunity that brings with it true business value.
Recasting the Challenge
To see Sarbanes-Oxley compliance not just as a regulatory obligation but also as a business opportunity, companies have to stop viewing it as an isolated issue?one that rears its head only at audit time and that mainly affects Operations and Finance. The fact is that compliance isn?t isolated in any sense.
It?s a continuing requirement for every public company, and one that affects everyone in the organization. The sooner companies start to see compliance this way, the sooner they can begin to see the possibilities it raises instead of limitations it imposes.
A useful analogy for conveying this view comes from the time back when seat belt use first became mandatory for drivers in many states.
Before there were laws requiring people to wear seat belts, many people simply didn?t wear them. (I speak from experience.) In fact, a lot of people saw wearing a seat belt as a major inconvenience that was just going to slow them down when they needed to get somewhere fast.
And many became incensed at the idea that the government was going to require them to do so and threaten them with high fines and stiff penalties if they didn?t?even though we all knew we were safer with the seat belt.
Sound familiar? It?s not unlike what happened in the wake of the passage of Sarbanes-Oxley, when you think about it. Companies understandably threw up their hands at the prospect of having to reinvent many of their business processes, and even add a number of new ones, to accommodate Sarbanes-Oxley requirements.
But think about what?s starting to happen now. In much the same way that people slowly came around to the realization that seat belts weren?t so bad?that they could make driving a safer mode of transportation and even save lives?businesses today are beginning to see the upside of conforming to Sarbanes-Oxley requirements.
Seizing the Opportunities
There are at least three areas of business opportunity for companies that have a strong, ongoing, sustainable approach to Sarbanes-Oxley compliance: strengthening business relationships by reducing business risk, building better customer relationships by increasing levels of trust, and accelerating revenue growth and profitability through automation-driven business practices.
For example, identity-based business processes for compliance with Sarbanes-Oxley can reduce business risk by improving the security of access to information. A company will know, for example, that it is adhering strictly to requirements for segregation of duties by being able to weave in the segregation-of-duties rules into the process of provisioning system access.
This is further enhanced by being able to determine at any given time who has access to what information and by whose authority. This ability to identify ?who? improves the security of information in a more specific way, reducing risk and increasing the appeal of the business to its partners and customers.
With better control over access to sensitive information, companies will avoid security breaches that are likely to receive widespread media coverage, and they will thus reduce their risk of diminished customer loyalty and trust.
Another example of business opportunity is through the increasing levels of trust that are engendered by compliance with Sarbanes-Oxley. When a company on an ongoing basis avoids security braches and other threats to the integrity of its operations, thus demonstrating to customers and the public at large that it is controlling its level of risk, the result over time is greater trust and confidence in the company on everyone?s part.
Here again, identity management has a role to play by delivering a sustainable and cost-effective approach to key compliance and security activities, as detailed, for example, in a recent feature article [link to 05-19-05 Sara Gates article] on identity-based auditing.
Finally, automated identity management capabilities not only make compliance easily sustainable over the long term, they also help drive new growth by facilitating participation in collaborative networks.
In consumer-facing environments, the identity management infrastructure gives consumers convenience and one-stop shopping by providing a single view of accounts and extranet single sign on across multiple sites, while at the same time providing global logout and session management for security purposes.
In extended-enterprise environments, companies can bring outsourcing partners for everything from IT to HR onto their networks securely and easily. This enables them to enjoy to the fullest the greatest advantages of outsourcing: reducing operational costs and keeping focused on the core business, while at the same time maintaining the security of the networked environment.
It is also worth pointing out that making compliance a sustainable part of everyday business is, in and of itself, a source of business opportunity. After all, when compliance becomes so ingrained and easily handled within a company, the effort that it used to require can be diverted to business priorities such as how to enhance top-line revenue.
Conclusion: Redefining Compliance as a Source of Business Advantage
As long as Sarbanes-Oxley compliance was perceived as an onerous burden for companies, no one saw much opportunity in it. But now that resources like identity management solutions are making it easier to comply, the opportunities are becoming more obvious.
From creating a competitive edge by building a more secure and trusted company, to getting new services and applications to market faster via automated capabilities, compliance is creating new ways for companies to grow and prosper tremendously.
In this new environment of opportunity, companies that continue to treat compliance as a resource-intensive, burdensome task will fall behind. Companies that treat it as a way to turn the corner to a new opportunity will get ahead.
Sara Gates
VP Identity Management
Sun Mircosystems
Sara Gates is vice president of identity management at Sun Microsystems. She is responsible for driving the Sun identity management vision, strategy and product line. She joined Sun Microsystems in December 2003 through the acquisition of Waveset Technologies, bringing over 15 years of industry experience.
Previously, Gates was the director of product management and product marketing at Waveset Technologies, a leading provider of identity management solutions. Prior to Waveset, Gates held market strategy positions at Deloitte Consulting and Microsoft. Gates holds a BBA from the University of Texas at Austin and an MBA from Vanderbilt University, where she is currently President of the Board of Directors.
|
|
|
|
|
