Skip Links

Network World

  • Social Web 
  • Email 
  • Close

Working toward compliant provisioning

By Don Bowen and Tom Garrity , Network World , 03/29/2007
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.
  • Share/Email
  • Comment
  • Print

Since the Sarbanes-Oxley Act became law in July 2002, it has altered radically the way public companies manage their procurement, accounting, auditing and other internal processes, especially those that are tied to financial reporting.

Public companies have invested tens of billions of dollars in SOX compliance, and many of these investments have been in labor-intensive manual processes. The cost and risk associated with these processes have become untenable, however, and more SOX investments are being directed to automated solutions.

An automated approach to compliance provides the speed, accuracy and visibility necessary to prevent, detect and correct compliance violations. More important, automation can do this without taxing an enterprise's resources, which in most cases are taxed heavily already.

Integrated compliance solutions optimize and streamline compliance by addressing all compliance-related activities - provisioning, monitoring, analysis and remediation. Such solutions call for the seamless integration of controls-management and identity-management systems. This integration is the essence of an emerging practice called compliant provisioning.

This best practice entails managing several key compliance initiatives jointly, ensuring that:

•  Compliance applications integrate with identity-management and provisioning systems.

•  The roles of IT security and business process owners are identified clearly in the automated provisioning process.

•  Financial and ERP systems provide for clear segregation of duties.

•  User requests for privileges and changes to user roles do not create segregation-of-duty violations.

By incorporating the principles of compliant provisioning into an integrated, automated approach, an enterprise can implement a sustainable system of compliance. Such a system addresses everything from the granting of user privileges to the ongoing monitoring of those privileges, the continual analysis of access activity in the light of those privileges, and the steps to remediate any violations before they become audit issues.

Not only does this approach address compliance requirements, which is the key business driver, but it's also a better way to conduct business. With an integrated solution, these critical tasks can be handled through a single seamless process, with no additional action required to assess whether a user's privileges continue to be in compliance as they change, and no special effort needed to address noncompliance.

  • Share/Email
  • Comment
  • Print
Partner Content

Brilliantly simple security and control solutions for email, web and endpoint

www.sophos.com

Stopping data leakage

Learn how to exploit your current security investment to control the information that flows into, through and out of your network.

Download the white paper.

Why detection rates aren't enough

Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.

Download the white paper.

Applications: taking back control

Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.

Learn more today.

Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed

Whitepapers

Stock Spam: A Classic Scam

Ever since there have been stocks and shares there have been so called "pump 'n' dump" scams. This...

Spyware: Know Your Enemy

Like Macavity, the fictional feline in T. S. Eliot's well-known poem, spyware may be considered to...

The Online Shadow Economy: A Billion Dollar Market For Malware Authors

Malware, meaning computer viruses, trojans and spyware, is about money. The teenagers who wrote...

Webcasts

SQL Server Consolidation: Insights from customers, analysts & HP

Microsoft SQL Server has enjoyed phenomenal success as a database server. Its relatively low cost,...

Minimizing the Risk of Information Security Breaches: Best Practices for SOA Governance and Compliance - Live October 21

Today's enterprises face more information security risks and vulnerabilities than ever before....

Migrating to Windows Vista: Necessity and Opportunity

The Vista era of Windows is here. Yet most organizations will retain Windows XP alongside new Vista...

Special Reports

Unified Threat Management from CheckPoint

Discover why Unified Threat Management Firewalls are ready for the enterprise today. High...

The Evolution of Network Security

We have so many holes punched in our firewalls today that many industry insiders question the value...

The self-managed network

We aren't there yet, but advances in network and systems management tools are making it possible to...

Get instant email notification when white papers, webcasts, executive guides are added to our library. Stay informed and up-to-date with the latest on IT Technologies with Network World's Resource Alerts.
Network World,to go. Wherever you are. Breaking news delivered to your mobile device. Select the hottest topics in networking and start receiving Network World on your mobile device today.