Four vendors this week plan to unveil products that do double duty: help companies monitor operational and system risks, and facilitate compliance with industry mandates such as the Sarbanes-Oxley Act.
Large companies are expected to dole out more money this year than last on IT products to automate key compliance tasks. PricewaterhouseCoopers surveyed executives at 131 U.S.-based multinationals and found most want to improve how they use technology to remain in compliance. In particular, respondents want technical assistance with SOX Section 404, which requires companies to attest to the effectiveness of the internal controls put in place to safeguard systems and processes related to financial reporting.
In the PricewaterhouseCoopers survey, 47% of executives said their company's use of technology in support of Section 404 compliance was "satisfactory - with lots of room for improvement." Just 38% said their company did a "great" or "effective" job with technology, and 10% said their technology efforts require major improvements.
Among all respondents, 75% expected to make significant technology changes in the second year of their SOX Section 404 compliance. Standing by are a slew of vendors with compliance software, including the four that are due to unveil products this week: ArcSight, Axentis, LogicalApps and OpenPages.
ArcSight is unique among these four vendors in that its focus is on security information management. Its flagship ArcSight Enterprise Security Manager (ESM) software collects and analyzes security data from devices such as intrusion-detection systems, firewalls, routers, switches and servers.
The tie-in to SOX compliance is that companies use ArcSight ESM to discover risks, correlate relevant security information and assess vulnerabilities - which are key parts of providing adequate internal controls.
To capitalize on compliance-related IT spending intentions, the vendor this week plans to unveil ArcSight Compliance Insight Packages, a new family of products that bundle preconfigured report templates, rules and dashboards to help companies collect and review compliance-related data from log files.
While ArcSight specializes in security log analysis, Axentis, LogicalApps and OpenPages operate in the broader compliance-management market, and each aims to help companies satisfy multiple mandates with a single framework.
Research shows that companies can save money by consolidating compliance efforts. Companies that choose individual solutions for each regulatory challenge they face will spend 10 times more on IT products than those that take a sustainable, programmatic approach to compliance, according to Gartner.
Michael Rasmussen, a vice president at Forrester Research, warns companies to be wary of all-in-one corporate governance, financial compliance and enterprise risk management platforms, however.
There's a legitimate need for companies to consolidate previously fragmented methods of keeping tabs on the many areas of corporate risk: financial, legal, compliance, operational and technology risks. But there's no silver bullet for dealing with all of it.