Seeking compliance in a mobile world

Newly public financial firm Thomas Weisel Partners retools policies and procedures to comply with the Sarbanes-Oxley Act while prepping for the changing nature of mobile threats

Page 2 of 2

Sometimes compliance and flexibility work against each other. You become so rigid in your compliance that IT or the firm doesn’t have the flexibility to change with the environment, either in the market or to bring up new businesses. Fortunately, the CIO and I agree that when we bring up new businesses, offices or locations, we should work to keep implementation consistent across the firm to minimize risk of noncompliance and security issues. Because we are a midsize firm I have the ability to work very closely with the CIO, the legal team and the compliance team, and we have the luxury of having conversations about these things.

Related to security, I think you find your acceptable risk as a firm, and balance risk against flexibility and convenience. For compliance issues there’s no question that you work with the personnel, policies and procedures, and technology to find the ways in which you comply with the rules, regulations and laws as a firm.

Any closing thoughts?

One of the issues with our area is that it is hard to get anybody to talk about it. Everybody has the same issues, but nobody wants to talk about it. On the flip side, you hear a lot about hackers and “the bad guys” sharing lots of information and techniques to enable the malware to come faster than the resolution.

Everybody has risks and issues, and the technology always moves faster than regulations and the security companies. I’m not sure if that will ever change. I think you have to partner with good business partners that try and deal with the malware, the security issues, as well as the compliance and regulations. Many of our vendors are able to provide support in multiple areas, which helps us. Initially we implemented Websense content filtering to block the Internet sites that were against firm policy. Now, we also use it to block malware sites and hacking sites and phishing sites and various protocols. So it’s benefited us in a lot of ways. What started with a single need back in 2000 now fulfills multiple needs.

Desmond is events editor for Network World and president of PDEdit, an IT publishing company in Southborough, Mass. Reach him at paul@pdedit.com.


Copyright © 2007 IDG Communications, Inc.
