Compliance should not be seen as a one-time event, but as an opportunity to run the operations in a more consistent and predictable manner, says Harish Rao, chairman & CEO, nSolutions.
Enterprises have to demonstrate operational and fiduciary responsibility in their regulatory environment. As such, compliance should not be seen as a one-time event, but as an opportunity to run the operations in a more consistent and predictable manner.
IT operations spend a considerable amount of time and budget in just managing change to the IT core and associated applications. Exacerbating the endless IT changes are government and industry requirements that come with financial penalties for non-compliance. Operationally, Sarbanes-Oxley (SOX) imposes a requirement to manage the security and configuration integrity of enterprise infrastructures and requires them to demonstrate compliance to auditors on an ongoing basis. The 12 requirements described within the Payment Card Industry (PCI) standard provide opportunity for enterprises to build a compliant environment in which sensitive data is secure.
The impact of these regulations is that IT operations pay more attention to configuration change management, rule books and collecting logging data in each of the domains of operations. It is more cost-effective for an enterprise to run its operations according to a set of corporate policies that makes it easier to respond to all regulatory requirements than to create a solution specific to each regulatory requirement.
From a business service delivery viewpoint, it's important to understand the dependencies between the configurations of today's infrastructure resources. However, the configuration repository must show the dependencies between the various resources supporting the business service.
Today's challenge is how to get information at this level – in a single unified view of the configurations, in real time – to provide a dynamic view of the configuration state. With traditional root cause and fault isolation tools, it is not possible.
Observing and managing change for continuous compliance presents an opportunity to minimize business risk through IT automation and control. In the process, it provides a business services perspective of the configuration state in real time, while providing a holistic solution for managing change across the domains of operations.