IT Management to Make Your Compliance Dollars Count


By Mark Harris
VP of Strategic Marketing
Cyclades Corporation

If there's one silver lining to the formidable IT requirements mandated by legislation like the Sarbanes-Oxley Act of 2002 (often referred to as "SOX") or the healthcare industry's HIPAA act (and all similar legislation introduced globally), it's the rejuvenation of IT spending. New or reallocated IT budgets in support of these compliance initiatives give companies an opportunity to address operational efficiency within the network at the same time.

While many companies may have implemented quick-fix solutions to meet year-one auditor requirements, looking forward is a different story. Companies want to avoid escalating costs by implementing solutions that will evolve with auditor requirements and bring business benefits as well. Out-of-band management tools can provide the advanced IT management functions companies need today for efficient, reliable and secure operations, which assist these companies in meeting their compliance objectives cost-effectively.

Long-Term Compliance
SOX sets new standards for corporate accountability by strengthening checks and balances, instituting high levels of control and defining specific criminal penalties for noncompliance. As such, SOX compliance is a high-priority IT initiative within many corporations. It is bringing about changes within IT infrastructures worldwide as corporations modify existing IT and information management procedures to comply with the required policies at a cost that can become part of their ongoing IT spend plan.

Compliance requires companies and auditors alike to examine the core processes and systems that support the integrity of corporate financial reporting and confidentiality. Key challenges to compliance are the evolving nature of the laws, the ambiguity surrounding IT mandates and the fluidity of auditor requirements. Not only will systems and processes change over time, but auditors will also continually identify new points to evaluate as they gain a more extensive understanding of the IT infrastructure.

Given this scenario, companies are quickly learning to plan for the long term rather than exhausting IT resources and budgets on quick-fix solutions. Companies need flexible solutions that provide a foundation for compliance at an operational cost they can bear.

Out-of-Band Meets Compliance
For years, out-of-band management solutions have helped companies manage their critical IT assets. Originally deployed to improve overall system reliability by providing an alternate path for accessing and restoring individually failed equipment, out-of-band technologies today allow companies to realize a higher rate of return on their investments across their entire hardware infrastructure by making these assets available more often.

In addition to their core value of restoring disconnected assets, out-of-band management products can help companies meet SOX requirements by applying consistent access security to their IT environments. Out-of-band management solutions can automate and document many general IT controls in areas such as physical and logical access control, interactive session logging, access audit logging and change management, and can even provide audit trails related to problem identification and resolution.

An out-of-band infrastructure supports IT assets in a comprehensive and cohesive system, providing that critical foundation companies are looking for to help meet their compliance initiatives. By establishing an out-of-band infrastructure, companies can strengthen SOX compliance in several key areas.

WHAT WAS ONCE CONSIDERED BEST PRACTICE ... IS NOW THE LAW
Authentication and Access
Out-of-band management tools provide the ability to define and grant access rights to any connected IT asset for individual users or user groups. These rights may be defined by user location or role, or may be time or technology dependent. An out-of-band infrastructure helps protect all these alternate paths of access to the system, including physical access to these paths with notification of breach.

Configuration Change Management
Changes to the IT infrastructure can greatly affect a company's ability to maintain internal control over information. Effective change management policies and procedures are needed to consistently apply and document all infrastructure changes. Out-of-band management solutions are designed to record all changes as well as the time/date the change took place to support audit reporting.

Data Logging and Audit Documentation
Effective data logging of user access to IT infrastructure resources is crucial to assure the integrity of a company's financial and confidential data. Corporations should have the tools in place to document all access to these systems, identifying who accessed which system when and what actions were performed. Out-of-band management tools provide complete bidirectional logging of the information that flows to and from connected IT assets. This log information is held indefinitely according to an organization's data archiving policies.

Consistency
Corporations that seek SOX compliance will look at tools and technologies that allow a consistent application of policies and procedures to all IT assets. SOX auditors will take special note of each system that has access controls and will measure the suitability and reliability of each of these systems as needed. Hence, the application of a consistent set of user access rules allows an auditor to review the suitability once, rather than evaluating processes repeatedly, which may require more time and expense. Deploying an integrated, out-of-band management system, including all of the current technologies in use, with the ability to add new technologies in the future is essential. Today these technologies include KVM, serial, power, service processor management and blade management. A well-designed out-of-band infrastructure provides a level of consistency very compatible with streamlined audit exercises in the future.

Encryption
Financial and other confidential information must be treated as highly sensitive both internally and externally within a company's IT infrastructure. Data encryption is necessary to protect this information. All keystrokes, data outputs and reports generated by systems need to be transported via secured encryption technologies (e.g., SSL-128B, AES, DES, 3DES). Out-of-band management tools use these encryption schemes for all data flows and guarantee that sensitive information is available only to those systems directly involved.

Business Benefits Beyond Compliance
Once deployed, an effective out-of-band management solution can also bring significant return on investment (ROI) beyond the original SOX compliance efforts, including improved operational efficiency, reduced overall remedial costs and improved IT asset productivity and availability. Out-of-band management solutions can also help organizations quickly diagnose and resolve problems, thereby increasing the responsiveness of the IT organization and the service level it provides. Additionally, out-of-band management solutions can help organizations document labor-intensive processes, take advantage of known best practices and maintain system availability and reliability.

Summary
Full SOX compliance as a core measure of IT success is very real today. An IT organization must be able to demonstrate that significant proactive steps have been taken to safeguard the integrity of financial and other confidential data. Due to accountability and penalty provisions defined within the legislation, SOX compliance has become a high priority within most corporations. While SOX does not define how corporations are to become SOX compliant, the use of technological rather than manual processes is key to maintaining an IT infrastructure that supports a corporation's core business objectives. By selecting technologies that provide a solid foundation for evolving IT processes, companies can make their compliance dollars count.



Mark Harris, VP of Strategic Marketing, Cyclades Corporation, an Avocent Company

Mark Harris has more than 25 years of experience marketing and selling networking technology. Before joining Cyclades in 2002, Harris served in senior sales positions for Netscaler and Extreme Networks, successfully establishing best-of-breed partner programs and increasing sales.

During his 17-year career with Digital Equipment Corporation, he held a variety of sales and marketing positions, including Director of Marketing for the world's first terminal and console servers. Harris is a member of Gartner's Vision Advisory Council and Tech Data's Advisory Council, providing recommendations on improving channel-vendor relationships.

Harris has a B.S. degree in Electrical Engineering from Arizona State and is a Microsoft and Novell Certified engineer.

Avocent (NASDAQ:AVCT) is the leading global provider of IT infrastructure management solutions for enterprise data centers, small/midsize business, and branch offices. Branded products include local and remote switching, serial connectivity, digital extension, embedded, wireless, mobile and video display solutions.

Visit www.avocent.com for more details.





© 2019 Simplex Knowledge Company. All Rights Reserved.