Risk and reward: Policy management tools
Risk and reward: Policy management tools

So, you've got your policy in place. Then, based on your policy, you have tweaked your network to comply. You run the vulnerability assessments and pen tests and you're pretty sure you've got the information security engine purring like a contented kitten. You're off to other things, such as the daily fires with which you constantly deal. Sometime when you weren't looking there was a new regulatory requirement, two new firewalls and a new corporate website for the marketing team. Now what? Is it time to run a whole new risk assessment? Not necessarily.

This month's products – and there are a slew of them – watch policy, make sure that you know what needs to be changed and what doesn't, and how your organization's risk picture has changed. These tools have been maturing from large, unwieldy software beasts to compact, easy-to-use tools with a lot of power in smaller packages. That is not to say that they are miniaturized, trivialized or otherwise designed to cut corners. In reality, they do the same as, or more than, their predecessors. They just do it better with more manageable user interfaces and more powerful policy engines.

Strangely, we have come from one or two credible players in this arena to nearly two dozen. That is not the way we usually see a market evolve. In fact, with this product group we have broken all past records for the number of products in a single issue. Will the usual convergence happen eventually? Maybe, but this bumper crop of products sends a message loud and clear: Businesses finally have started to take policy and compliance seriously.

I conducted a seminar for small businesses recently and I made the point that compliance does not equal security. An alarming number of major breaches have taken place in enterprises that were, for example, PCI compliant. So the issue is not being able to tick off the boxes on a compliance audit. The issue is securing the enterprise as the bad actors become better at their trade and gain support from groups with money and an axe to grind. This month's group of solutions can help you put that checkmark in the compliance column while staying – and knowing that you are staying – secure.