Sustainable IT Compliance

August 30, 2006

But it's not just that the volume of email and IM data is exploding. These records are also now commonly subpoenaed and presented as evidence in court. As a result, email, files, and attachments must be easily accessible to authorized legal personnel to search and review for legal discovery. Failure to do so can be costly, as financial services firm Morgan Stanley discovered last year.

In the course of a lawsuit brought by billionaire financier Ronald Perelman, Morgan Stanley couldn't reliably produce emails for the court. That didn't sit well with the judge in the case, who ruled that the company deliberately violated her orders. In the end, the jury awarded Perelman $604.3 million in compensatory damages and $850 million in punitive damages.

“The case really illustrated how data retention has become a huge requirement,” Matin says.

The real challenge, then, comes from properly managing this information so that important documents and data are retained in accordance with an appropriate time frame and are readily accessible to those who need to review them. When information critical to the business or legal discovery is not securely stored and readily available, the risk of non-compliance increases.

Endpoint security

At the same time, the demands for critical information to be constantly available present their own challenges. Increasingly, the typical organization's information is shared with partners, contractors, temporary employees, and workers in far-flung locations. For today's computing environments, therefore, endpoint security must be a required component of an overall security strategy. Endpoint security solutions enable organizations to evaluate, protect, and remediate managed and unmanaged systems as they connect to corporate assets. Endpoint protection offers a perimeter of defense to ensure that all devices are current with security software before entering the corporate network. This “persistent” enforcement approach enables IT to address the crucial task of protecting the enterprise from exposure of intellectual property, costly network downtime, and possible regulatory fines that can undermine a company's brand integrity.

“The constant demand for access to information means that data protection has become a much more important issue,” Matin says. “You must take steps to protect data from 'leakage,' loss, and unauthorized access.”

Sustained compliance

In response to these IT compliance challenges, organizations are increasingly looking at ways to minimize fragmented initiatives, automate procedures and IT security controls, and apply best practices to reduce risk.

Select a framework to comply with multiple regulations – To develop a sustainable compliance posture, organizations are recognizing the value of implementing an overall control framework such as COSO, COBIT, or ISO 17799.
