- Firefox users targeted by malware
- Nokia's new N97 vs. the iPhone
- Talk-powered cell phones?
- AT&T to cut 12,000 employees through 2009
- Microsoft, EMC partner on data-loss prevention
Senior Editor Denise Dubie guides you through the latest developments in management tools and services.
First I must address an error I included in one of last week's newsletters, "Management and open source software, together at last." I had said the fledgling industry organization, the Open Management Forum, seemed to be defunct, but I was mistaken. A DNS error had made their Web site inaccessible from the address I had and from the links provided in a Google search. I am happy to report the OMC is alive and thriving with more than 30 members working toward open source and commercial management application interoperability. More on that group in future newsletters.
Now onto today's topic. Aspects of IT governance have come to the forefront of IT executives priorities in light of compliance deadlines for industry regulations such as Sarbanes-Oxley and Health Insurance Portability and Accountability Act (HIPAA). While there are commercial products that promise to help IT managers track compliance, IT governance in and of itself is not just about technology. It is about how IT delivers services -- either in a centralized or decentralized manner -- and the controls and documentation put in place to maintain accurate configurations and enforce processes. For instance, IT governance would monitor changes and access made to systems and assess if those acts comply with security or regulatory policies.
Forrester Research categorizes such products as governance, risk and compliance (GRC) management tools. The products comprise many functions once handled by disparate department across an enterprise organization.
"Increased risk and regulatory pressures in a distributed enterprise are propelling organizations to craft consistent game plans for centralizing GRC oversight," reads a recent Forrester report. "Organizations are to establish a platform that maintains a system of record for GRC. This enables disparate compliance and governance technologies to combine into a coherent regime for managing GRC across the enterprise."
With the size of todays IT environments and the constant rate of change to systems, many vendors have emerged with products that would automate the monitoring and assessment of these myriad changes. One problem area is monitoring changes to determine if they comply with preset policies and that those making changes are authorized. In the past month alone, Active Reasoning and Tripwire updated their governance platforms to provide enterprise IT managers with more ways to ensure policies are followed and compliance demands are met.
Denise Dubie is senior editor with Network World.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
NetScout and analyst Jim Metzler have teamed to deliver a series of IT Briefs on Network and Application Performance Management leveraging research from NetScout’s nGenius & Sniffer users.
www.netscout.com
Metzler on CIO Priorities
The top five CIO priorities based on a survey of NetScout users revealing CIOs' top priorities and what they think they should be. Also includes interviews with CIOs of large organizations.
Read the Report
Metzler on Application Delivery
How to eliminate the stovepiped or siloed nature of application delivery from both an organization and a technological perspective.
Read the Brief
Metzler on Network Troubleshooting
Overview of network troubleshooting that provides an assessment of where we are, and where we need to be relative to the complexities of today's IT challenges.
Read the Brief
Comments (3)
Yes, Solidcore also doesBy Anonymous on February 26, 2007, 6:20 pmYes, Solidcore also does change control for embedded systems, and is currently deployed to prevent unauthorized change on devices such as NEC's POS systems and NCR's...
Reply | Read entire comment
Change management in real timeBy Daniel Green on February 26, 2007, 4:12 pmAs I understand, the Solidcore product is designed to manage cash registers and point of sales systems. This is probably why it wasn't mentioned in an article about...
Reply | Read entire comment
Change management in real timeBy Anonymous on February 26, 2007, 11:26 amOne major vendor was not mentioned in this article. Solidcore takes this a step further by not only tracking all change activity in real-time, but automating the...
Reply | Read entire comment
View all comments