Continuous compliance

Compliance should not be seen as a one-time event, but as an opportunity to run the operations in a more consistent and predictable manner, says Harish Rao, chairman & CEO, nSolutions.

Enterprises have to demonstrate operational and fiduciary responsibility in their regulatory environment. As such, compliance should not be seen as a one-time event, but as an opportunity to run the operations in a more consistent and predictable manner.

IT operations spend a considerable amount of time and budget just managing change to the IT core and associated applications. Exacerbating the endless IT changes are government and industry requirements that come with financial penalties for non-compliance. Operationally, Sarbanes-Oxley (SOX) imposes a requirement to manage the security and configuration integrity of enterprise infrastructures and requires them to demonstrate compliance to auditors on an ongoing basis. The 12 requirements described within the Payment Card Industry (PCI) standard provide an opportunity for enterprises to build a compliant environment in which sensitive data is secure.

The impact of these regulations is that IT operations pay more attention to configuration change management, rule books and collecting logging data in each of the domains of operations. It is more cost-effective for an enterprise to run its operations according to a set of corporate policies that makes it easier to respond to all regulatory requirements than to create a solution specific to each regulatory requirement.

From a business service delivery viewpoint, it's important to understand the dependencies between the configurations of today's infrastructure resources. However, the configuration repository must show the dependencies between the various resources supporting the business service.

Today's challenge is how to get information at this level – in a single unified view of the configurations, in real time – to provide a dynamic view of the configuration state. With traditional root cause and fault isolation tools, it is not possible.

Observing and managing change for continuous compliance presents an opportunity to minimize business risk through IT automation and control. In the process, it provides a business services perspective of the configuration state in real time, while providing a holistic solution for managing change across the domains of operations.
