Security Strategy, Plan, Budget

From Interop: Automation, integrated frameworks growing on execs for compliance needs

Improving automation and developing integrated frameworks are keys for enterprises coping with the rising cost and resources required to meet compliance demands, a roundtable of experts said today at Interop New York 2006.

"The CEO wants it all," Adam Losner, vice president of finance at the Securities Industry Automation Corp. said at the Symantec-sponsored six-member discussion. "They want to have compliance. They want internal controls and they want it all to be cost effective."

Four years after the Sarbanes-Oxley Act forced public organizations to closely examine their auditing and accounting procedures, businesses are making progress from looking at compliance with a "checklist" mentality to being more robust in their approach, the panel said.

However, the price tag to keep up with compliance is soaring, with auditor's fees increasing by as much as 50 percent. Plus, Losner said, organizations have been forced to deal with some 114,000 new regulations since 1990.

"And I don't think the rate is going to slow down much," he said.

Joseph Lindstrom, senior director of professional services at Symantec, said that as auditors get more sophisticated in their knowledge of regulations, organizations are responding with more robust solutions for compliance instead of point solutions.

"They all want to have the tools in place to demonstrate they are in compliance with the requirements," he said.

Steve Attias, CISO at New York Life insurance company, said businesses must take the mindset that adhering to regulations benefits the organization's good name instead of "being compliant for the sake of being compliant."

Even as companies become more comfortable with the major compliance laws, statistics reveal mixed results.

Seventy-seven percent of mid-size organizations, defined as companies with annual revenues of $50 million to $999 million, are "very close" to controlling deficiencies in IT compliance, says a recently released Symantec Security Compliance Council study of 1,059 organizations.

Getting mid-level companies to realize the importance of compliance is an important step for the industry, said Jonathan Dambrot, managing director of information security consulting firm Prevalent Networks.

"That's really going to help guide the way," he said.

Yet 15 percent of mid-market companies still are "awash" in deficiencies, the study says. Across the industry, just 11 percent of organizations reach "stellar performance results" when measured by the number of compliance deficiencies they face.

Click here to email reporter Dan Kaplan.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.