Compliance burdens

Regulatory requirements have IT jumping through hoops to meet them, although these mandates are also driving bigger security budgets.
By Ellen Messmer, Network World, 03/14/2005

Editor's note: This is the fourth installment of a five-part series on the threats facing IT executives and how to mitigate them.

As challenging as the security demands imposed by some new regulatory requirements have been, they've also presented IT managers with a golden opportunity to make network improvements.

Of particular influence have been the Sarbanes-Oxley (SOX) Act's financial reporting standards for publicly traded companies and the Health Insurance Portability and Accountability Act (HIPAA), federal security rules for patient data that take effect next month for healthcare organizations.

For companies that spent several months striving to understand SOX or HIPAA, the requirements brought good news: For some IT departments, upper management generously opened purse strings to acquire new auditing and security protections.

"SOX was very much a driver for getting Configuresoft's Enterprise Configuration Manager and other tools," says Bill Randall, IT director at Red Robin Gourmet Burgers, a Greenwood Village, Colo., restaurant chain.

Configuresoft's ECM, which Red Robin added to 30 servers and about 200 workstations, documents and tracks operating system and application configurations and password changes, while ensuring compliance with a written policy.

According to Randall, that capability helps meet the SOX requirements that organizations document their systems for auditing purposes.

"When we knew SOX was coming down the pike, we used it as an opportunity to better document our procedures because we know this will be part of the financial audit, which includes the SOX audit, that our auditor Deloitte will do later this year," Randall explains. "The IT audit is a big part of that review because IT is the gatekeeper for the financial controls."

A manual documentation, audit and policy-enforcement process would have taken Red Robin's IT department more than 12 hours, but automating the process through ECM reduced it to 10 minutes.

Red Robin also deployed the NetIQ Security Manager to centrally monitor and analyze logs from across the network, which included firewalls and intrusion-prevention systems.

"At the beginning of the year, we hadn't budgeted for all this," Randall says of the unexpected bonanza. But as the company examined its own practices, it became clear that SOX compliance would mean hiring more systems experts or implementing better automation - and Red Robin opted for the latter.

Comments (1)

RE: Compliance burdens
By Darrell Pruitt on February 22, 2008, 5:28 pm

"'It cost us somewhere between $75,000 and $100,000, but it was reasonable enough to fit into our HIPAA budget,' says Gillespie, adding upper management pays close...
