Continuous compliance

Compliance should not be seen as a one-time event, but as an opportunity to run the operations in a more consistent and predictable manner, says Harish Rao, chairman & CEO, nSolutions.

Enterprises have to demonstrate operational and fiduciary responsibility in their regulatory environment. As such, compliance should not be seen as a one-time event, but as an opportunity to run the operations in a more consistent and predictable manner.

IT operations spend a considerable amount of time and budget just managing change to the IT core and associated applications. Exacerbating the endless IT changes are government and industry requirements that come with financial penalties for non-compliance. Operationally, Sarbanes-Oxley (SOX) imposes a requirement to manage the security and configuration integrity of enterprise infrastructures and requires them to demonstrate compliance to auditors on an ongoing basis. The 12 requirements described within the Payment Card Industry (PCI) standard provide an opportunity for enterprises to build a compliant environment in which sensitive data is secure.

The impact of these regulations is that IT operations pay more attention to configuration change management, rule books and collecting logging data in each of the domains of operations. It is more cost-effective for an enterprise to run its operations according to a set of corporate policies that make it easier to respond to all regulatory requirements than to create a solution specific to each regulatory requirement.

From a business service delivery viewpoint, it's important to understand the dependencies between the configurations of today's infrastructure resources. However, the configuration repository must show the dependencies between the various resources supporting the business service.

Today's challenge is how to get information at this level, in a single unified view of the configurations and in real time, to provide a dynamic view of the configuration state. This is not possible with traditional root cause and fault isolation tools.

Observing and managing change for continuous compliance presents an opportunity to minimize business risk through IT automation and control. In the process, it provides a business services perspective of the configuration state in real time, while providing a holistic solution for managing change across the domains of operations.
