Ziff Davis Internet
News & Resources for the IT Reseller
NewsReviewsTech AnalysisCommentarySecurityLinux/Unix
My Account |  

Businesses Need to Take Control of Security, Compliance
By Pedro Pereira

Panelists from some of the industry’s leading consulting and integration companies warned that one-size-fits-all solutions don’t work when it comes to systems security and compliance with federal regulations.

Two panels, part of Ziff Davis eSeminars’ Consulting Leadership Virtual Symposium, on Thursday addressed systems security and compliance with federal regulations, hot topics among both clients and consultants.


In panel titled “Beyond SOX: Tactics and Strategies for the New Regulatory Environment,” panelists agreed that, before it’s possible to effectively automate compliance-related functions, it is necessary to take inventory of an organization’s existing technology, to learn where its data resides, what it does and who has access to it.

Tonie Leatherberry, a director at Deloitte Consulting of Deloitte Touche Tohmatsu, New York, said many companies rush to implement compliance systems without stopping to think out how the systems should evolve over several years.

That often results in what she called “Band Aid” solutions. But compliance is an ongoing requirement that require sustainable, dynamic programs, she said.

“I believe the regulations will continue to evolve and will continue to adjust and adapt over the next few years,” she said.

John Pironti, principal enterprise solutions architect at Unisys Corp. of Blue Bell, Pa., said it’s also necessary to take a programmatic approach to compliance processes themselves.

Regulations such as the Sarbanes-Oxley Act, which deals with corporate financial disclosures, came about because too many organizations were not putting in place the necessary controls, he said.

The Channel Insider Special: Managed Services in the Channel

But those regulations call only for a baseline approach, and organizations should think beyond those minimum standards, because they will be better off in the long run, he said, adding, “We need to understand those regulations are here to stay.”

Pironti acknowledged that compliance poses some challenges, especially for companies doing business internationally. The regulations of one country can conflict with those of another, and, at minimum, they can be quite different. For instance, Hong Kong has very different privacy regulations from those of the European Community.

Panelist Bob Myers, resident and COO of Pillar Technology Group LLC in Southfield, Mich., said his company has taken the approach of helping clients become agile and proactive in responding to compliance requirements.

Myers said Pillar underscores to clients the importance of hooking business decisions directly to IT decisions, as opposed to making them independently of each other, so regulatory requirements become easier to manage.

“Good control and management equal a lack of risk,” he said.

Securing the network and the data within it was the topic of another panel, titled “Corporate IT Defense Challenges: Urgent Remedies for Clients at Risk,” during which panelists discussed the need for assessment and access controls.

David Sanders, director of the Critical Infrastructure Practice in the Public Services Sector at McLean, Va.-based integrator BearingPoint Inc., shared what he called a list of “good habits” for protecting IT networks.

For one thing, rather than focus only on threats, organizations must pay more attention to their vulnerabilities and areas of exposure, he said. Too often vulnerabilities are neglected, a dangerous practice that only comes to light after one of those weak points is exploited.

Other good security habits Sanders enumerated include having layered defense techniques, developing response and recovery plans, and enforcing user policies that make use of strong passwords and appropriately restrict user access. He also mentioned the importance of good network visibility—making sure you know what is in the network.

Panelist Ilene Becker-Yarnoff, a principal at integrator Booz Allen Hamilton Inc. in McLean, Va., focused on the need to protect privacy and comply with privacy regulations.

Though a number of laws have been passed to protect privacy, she said, the concept escapes easy definition and companies often are unaware of federal requirements concerning privacy.

If data on an individual can be found through reverse engineering from that person’s identification, she said, “There’s a strong need to look at privacy.”

Channel Insider Special Report: IT Spending in the Channel

To help organizations ensure privacy protection and compliance with federal regulations, Becker-Yarnoff said, Booz Allen Hamilton conducts assessments to ascertain how much of a company’s existing technology can be used to develop a security solution and how much new equipment and software is needed.

With the assessment completed, it is then possible to develop an investment strategy and budget, she said.

Another panelist, Ken Wortendyke, senior solution specialist at Dimension Data PLC, a service provider based in Hauppauge, N.Y., compared today’s IT security infrastructure to that of an airport, which must facilitate the movement of large numbers of people, but must do so securely.

“This is the world we face in our IT environment as well,” he said, adding that IT environments need solutions that minimize threats and provide multiple levels of access and consistent security without overburdening the IT support staff.



Free Hands-On Training Lab
Find out how key features of SBS 2003 can help you open up a new line of revenue. Register now >>

SBS 2003 Sales Reference Card
This handy reference card contains features at a glance, sales objection handling, pricing guidelines & more. Get it now >>

Microsoft Empower for ISVs rewards your big idea with big benefits and support.
Access key development tools at a low cost to help you develop that idea into an innovative application. Learn more >>

Changing Business for the Better: A Practical Guide to BPM

This paper provides an overview of the benefits of BPM technologies and identifies the characteristics of BPM solutions that lead to successful BPM process-centric integration projects.

Download this free white paper to learn more!

>> brought to you by IBM

Attention Microsoft Solution Providers!

Want to gain a competitive edge? Try Microsoft Watch – FREE!

Each week you receive:
  • Microsoft News and Insider Information
  • Expert Analysis
  • Code Names of Upcoming MS Products
  • Year-Ahead Calendar, updated monthly

    Click Here to sign up now for your FREE 14 Day Trial to Microsoft Watch.
  • Add up to $1,200 of value with the new BONUS PACKS.
  • HP PartnerONE: The key to increasing your margins.
  • HP Compaq nc6129 Business Notebook. $1149 Smart Buy
  • HP xw8200 workstation. Smart Buy price $1549.
  • ProLiant DL360G4p server: HP Smart Buy price $1647
  • Microsoft files new anti-piracy lawsuits. Learn more.
  • New offers with Windows Genuine Advantage.

    •Catalog Publishing
    •Dealer Management
    •Order Configuration
    •Price Management
    •Sales Management

    View All >

    Search the jobs you want & get the info you need – post your resume here today!

    Powered by Dice
    White Boxes
    MS vs. IBM
    Linux in the Channel
    Stay in the Zone
    Put The Channel Insider on your desktop.
    Subscribe to The Channel Insider: Channel News, Reviews, Resources and more.

    Make your selections below:

    Contract Watch

    The Channel Insider Update

    Preferred e-mail format:

    Enter your e-mail:

    view all newsletters >>
    Channel Insider Quick Links
    Ziff Davis Footer Logo