
Compliance Multi-Tasking: Today's Security Priority

By: Secure Computing
Published: Feb 09, 2007
Length: 7
Type: White Paper
Overview:

Driven by increasing regulatory scrutiny and the need to protect key corporate assets, concerns about compliance and data leakage have risen to the top of the priority list for today's corporate executives. Federal US legislation such as HIPAA and GLBA, as well as state laws such as California's SB-1386, clearly define acceptable practices with regard to digital information security. In addition, corporate governance rules have mandated strict policies to deal with authorized and unauthorized access, and the use of sensitive corporate information by employees, partners, and auditors.

Compliance isn't a project that takes a few employees a couple of months to complete. Compliance is a new corporate way of life requiring companies to maintain complete control over sensitive content throughout their organization and throughout its lifecycle. This involves instituting new policies, procedures and processes, including:

  • Creating and maintaining policies that clearly define the company’s approach to user authentication, access, and rights
  • Mapping policies to specific business processes and types of content
  • Protecting networks and systems against inbound threats and attacks
  • Monitoring and detecting violations to those policies
  • Enforcing policies using automated tools
  • Protecting sensitive content, including encryption of protected data
  • Reporting and forensics in order to demonstrate compliance to third-party auditors and executives
Requirements for a compliant enterprise

Compliance isn't a project that takes a few employees a couple of months to complete. Compliance is a new corporate way of life requiring companies to maintain complete control over sensitive content throughout their organization and throughout its lifecycle. This involves instituting new policies, procedures and processes, including:

- Creating and maintaining policies that clearly define the company's approach to user authentication, access, and rights

- Mapping policies to specific business processes and types of content

- Protecting networks and systems against inbound threats and attacks

- Monitoring and detecting violations to those policies

- Enforcing policies using automated tools

- Protecting sensitive content, including encryption of protected data

- Reporting and forensics in order to demonstrate compliance to third-party auditors and executives

For policies to be effective, they must apply to all communication protocols and technologies used by employees, including email, instant messaging, Web protocols (including blogging and Webmail), peer-to-peer, FTP, VoIP, and mobile devices.

Industry analyst firm IDC recommends a security compliance and control model that focuses on three major technology components:

- Content control - Solutions that monitor, secure/encrypt, filter and block content contained in email, IM, P2P, file transfers, Web postings, and other types of messaging traffic

- Identity and access management - Solutions that identify users in a system and control their access to resources within that system, including single sign-on (Web- or host-based), user provisioning, advanced authentication (including PKI), and legacy authentication

- Security and vulnerability management - Solutions that protect networks from attacks, threats, and sabotage, provide early-warning threat intelligence services, and enable forensics and incident investigations

(Source: IDC Worldwide Security Compliance and Control 2006-2010 Forecast and Analysis: Going Beyond Compliance to Proactive Risk Management, September 2006)

Finally, for a company to effectively manage and control security compliance systems within budget and to avoid interference with core business objectives, a solution needs to be:

- Efficient in deploying policies across all protocols

- Easily deployed and centrally managed in a global network

- Quickly integrated into the current infrastructure

- Flexible enough to handle multiple requirements and geographies in one solution

- Robust, redundant and high-speed

- Accurate and efficient in order to minimize human intervention

- Smart enough to understand and enforce policy differences between employees, guests, temporary workers, contractors, third-party agents, and partners

- Easily understood by executives and auditors

- Unobtrusive enough to minimize the impact on employees' daily activities

- Provided by a single vendor with superior technology and best-in-class service

Regulatory alphabet soup

Today's regulatory landscape is a minefield of acronyms, filled with vague directives and ambiguous interpretations. One would think that compliance should be a simple process: a company is either compliant or it's not.

Unfortunately, that's not the way it works. Most regulations are drafted broadly and are often based on minimally acceptable standards. Most companies can't say for certain whether they are in compliance or not until a legal decision creates a concrete precedent.

The following chart provides a sample of the primary regulations facing enterprises today. The list will undoubtedly continue to grow as new legislation and regulations are added to the mix.

Regulation                    Protected information          Companies impacted
Basel II                      Banking systems data           Top international banks
State laws (e.g., CA SB-1386) Consumer data                  Anyone doing business in one of 23 states
FISMA and HSPD-12             Federal agency data            Federal agencies
GLBA                          Consumer credit data           Banks and credit agencies
HIPAA                         Health care data               Healthcare providers, employers
PCI                           Credit card data               Retailers, service providers
PIPEDA                        Consumer data                  Canadian companies
SEC, NASD, and NYSE rules     Securities transaction data    Securities firms and brokerages
SOX                           Corporate financial data       Public companies
Corporate governance          Intellectual property          All companies

Data leakage concerns

While governments and industry watchdogs are mandating security measures over selected types of content, enterprises have their own business priorities and concerns that are equally vital to their ongoing success.

Companies are complex entities and they create, modify, store and move vast amounts of data every day. Data leakage (a nice way of saying data loss or theft) becomes a significant issue when attempting to create a security compliance environment.