Sarbanes Oxley Technology

VCs to take a look at SAAS compliance vendors?

Tue, 03 Jun 2008 06:59:59 -0400

You've no doubt heard a lot about software as a service over the past few years. It's one of the perennial "trends" that people are always rediscovering. But the number of compliance-oriented vendors embracing SAAS has been impressive. But how viable is the business? Kyriba, a SAAS cash and treasury management provider, just announced it raised $7 million from VC firm Coface and current investors GRP Partners and Banque Populaire. This is a modest deal to be sure, but you have to wonder if other VCs are looking for investment in this arena. It may be a growth business, but I'm not so sure we'll see such investment in more Sarbox-specific companies. So has the entrepreneurial wave has crested already when it comes to the compliance industry?

For more:
- here's an article from PEhub
- here's an article from the North County Times

IT folks struggling with compliance, still

Tue, 20 May 2008 06:59:59 -0400

Is anyone really surprised by this? A recent survey by Shavlik Technologies (vendor survey alert!) has found that IT professionals are still struggling with compliance issues, according to Redmond Channel Partner Online. The survey, which asked questions of attendees at RSA Conference and Infosecurity Europe, said that "the No. 1 difficulty among IT pros was finding an all-encompassing approach to tackle vulnerabilities, protect data and meet compliance objectives--all while doing that pesky thing: their actual jobs." This situation stands to get even worse as budgets shrink. The to priorities are not surprising: 1) Data protection, integrity and information leakage, 2) Internal network security, and 3) IT policy and governance. If there is some sort of breech, you can bet the IT will be among the first questions. They know this all too well.

For more:
- here's the article

Data center growth to explode

Tue, 20 May 2008 06:59:59 -0400

We've been talking a lot about the growth of data centers, a market that has skyrocketed because of Sarbanes-Oxley and other regulations, as well as the need for better disaster recovery options. Large companies are set to boost the market again in 2008. According to a survey by Digital Realty Trust, nearly 90 of 300 large US firms said they "would definitely or probably expand their data centers over the next 12 months," notes CBR. Almost half say they will expand to three or more data center locations. Square footage is expected to grow by 50. All this at a time when IT budgets are under pressure. Some are warning that this growth looms as a nightmare in terms of the costs of running and cooling all those servers. Energy's not cheap these days. But what choice do companies have?

For more:
- here's the CBR article
- here's a CIO Insight article on the looming problems

What's on the minds of security chiefs?

Tue, 29 Apr 2008 06:59:59 -0400

Good controls and solid processes assume good security. So one could argue the chief security officer role has grown in stature as well as salary. These days, according to a new survey from Frost & Sullivan, reputational damage is foremost on the minds of executives, more so than other more compliance-oriented concerns such as data breaches. Could the shift be reflecting the growing media awareness of security issues? Companies and government agencies that report breaches, not matter how minor, are pilloried in the press, that's for sure.

For more:
- here's an article from CIO

Cyber attacks a Sarbox issue?

Tue, 22 Apr 2008 06:59:59 -0400

We all are aware of the threat of a cyber attack. But is that threat really a Sarbanes-Oxley issue? One commentator at CSOonline.com raises the issue by pointing out a 10Q filed by Respironics, a medical device maker recently acquired by Royal Philips Electronics, that noted a cyber attack could cause a material difference in reported earnings vs. forward-looking earnings. That an attack would shut down business is a remote possibility, but a possibility nonetheless. The issue, of course, is what to do about it; What could function as a control? Not that you need any more motivation.

For more:
- here's the commentary

Search the web for: Respironics | Royal Philips Electronics

Software-as-a-service and compliance, a good fit?

Tue, 15 Apr 2008 06:59:59 -0400

Has your company taken the software-as-a-service plunge? Many companies, especially smaller ones, have latched onto the idea in many areas. But what about security and compliance? It might strike some as an odd fit. Qualys has just launched what it calls the the first software-as-a-service security suite with compliance features built in, reports eWeek. Basically, it is an app that allows users to create automated scans for security data based on key regulations, such as Sarbanes-Oxley. It also will create automated reports. At most companies, the keys likely are to be costs and the inertia of doing things the "old way," with spreadsheets and the like. In this environment, it may be somewhat of a tough sell. But we'll see.

For more:
- here's an article from eWeek

The pain points for compliance support

Tue, 08 Apr 2008 06:59:59 -0400

Computer Technology Review brought together three experts to discuss compliance, e-discovery and relevant IT issues. One question was about the "pain points" that companies likely will feel this year. The answer ran along these lines: somehow store and accounting for all types of electronic communications in a way that satisfies all departments, from IT to legal, at a time when the budget isn't likely to expand. To keep up, you may be looking at some upgrades, to a new Exchange version at least, that may prove costly. But when the budget rubber hits the road, you will be forced to come up with ways to Band-Aid your current system. Good luck. Probably a good idea to look into this now. The last thing you want is to come up short during a legal proceeding.

For more:
- here's the Computer Technology Review item

Related Articles:
Compliance readiness: A way of life. Article
Compliance basics for the uninitiated. Article

Compliance features still migrating into big apps

Tue, 18 Mar 2008 07:59:59 -0400

There are a whole lot of vendors out there hawking compliance-related products. The GRC market seems to be faring decently, even at a time when the technology spend at many companies is coming under pressure. The big vendors may see an expanded opportunity for their built-in compliance features. We've noted that Oracle, IBM and SAP have been expanding their suites to include more compliance features. Now comes Microsoft. It is rolling out a host of upgraded midmarket products. The new release of Dynamics AX, an enterprise resource planning program known as AX 5.0, now includes a compliance center, where people can access Sarbanes-Oxley data.

For more:
- here's a ChannelWeb article

Time to embrace thin clients?

Tue, 29 Jan 2008 06:59:59 -0500

Thin client computing--basically the use of scaled down front-end machines that connect workers to servers that hold all the data and apps--may be in for a revival of sorts. The concept has come into and out of vogue in cycles over the last decade or so. But now people are talking about the use of such clients as a way to produce a stronger compliance program. It makes sense. Would it not be safer to simply make it impossible for data to be stored on a workstation? Let a central server in a secure data center do all that. Makes it much easier to control. And compliance is all about control. We're seeing more vendors hit this angle in their marketing. HP is certainly on the bandwagon.

For more:
- here's an article on HP's latest initiative
- here's some background

Sarbox driving a "back to basics"IT approach?

Tue, 22 Jan 2008 06:59:59 -0500

A new TechTargets survey has found something interesting about the upcoming year. Corporate IT will return to basics, veering around the newfangled stuff (like Web 2.0) for at least a year. Once again IT staffs are most interested in upgrading the infrastructure so it can "better serve as the backbone not only of corporate computing but also of corporate business processes." And what's driving this? "A perfect storm of factors--a combination of maxed-out data center facilities, corporate demands for disaster proofing, compliance requirements and overloaded IT staffs," according to SearchDataCenter.com. Better blocking and tackling is a must to handle all the archiving and other needs. Data center expansion is at the top of most to-do lists.

For more:
- here's the article