- Is the Cisco MARS mission going to abort?
- First iPhone worm spreads Rick Astley wallpaper
- 10 stunning 3D buildings made with Google SketchUp
- Open source software ready for big business
- Four reasons to buy (and one reason to avoid) the Droid
Since the Sarbanes-Oxley Act became law in July 2002, it has altered radically the way public companies manage their procurement, accounting, auditing and other internal processes, especially those that are tied to financial reporting.
Public companies have invested tens of billions of dollars in SOX compliance, and many of these investments have been in labor-intensive manual processes. The cost and risk associated with these processes have become untenable, however, and more SOX investments are being directed to automated solutions.
An automated approach to compliance provides the speed, accuracy and visibility necessary to prevent, detect and correct compliance violations. More important, automation can do this without taxing an enterprise's resources, which in most cases are taxed heavily already.
Integrated compliance solutions optimize and streamline compliance by addressing all compliance-related activities - provisioning, monitoring, analysis and remediation. Such solutions call for the seamless integration of controls-management and identity-management systems. This integration is the essence of an emerging practice called compliant provisioning.
This best practice entails managing several key compliance initiatives jointly, ensuring that:
• Compliance applications integrate with identity-management and provisioning systems.
• The roles of IT security and business process owners are identified clearly in the automated provisioning process.
• Financial and ERP systems provide for clear segregation of duties.
• User requests for privileges and changes to user roles do not create segregation-of-duty violations.
By incorporating the principles of compliant provisioning into an integrated, automated approach, an enterprise can implement a sustainable system of compliance. Such a system addresses everything from the granting of user privileges to the ongoing monitoring of those privileges, the continual analysis of access activity in the light of those privileges, and the steps to remediate any violations before they become audit issues.
Not only does this approach address compliance requirements, which is the key business driver, but it's also a better way to conduct business. With an integrated solution, these critical tasks can be handled through a single seamless process, with no additional action required to assess whether a user's privileges continue to be in compliance as they change, and no special effort needed to address noncompliance.
In the absence of an integrated solution, every compliance-related task has to be handled by a separate solution. This adds to the enterprise's compliance costs and to the effort required to ensure compliance, not to mention that it exposes the company to unnecessary risk.
Many companies prudently have implemented identity-management solutions. This lets them efficiently and effectively manage diverse and independent operating systems and policies for access management and user provisioning - across departments, programs and operations, and at varying levels of security. Added benefits include increased data security and simplified access to the information users need to do their jobs.
Rss FeedRss Feed
The Leader in Network Knowledge
Comment