News

Compliance tasks offer extra benefit

Bill Goodwin
Businesses that completed their IT projects for Sarbanes-Oxley and other financial compliance regulations last year are re-visiting their work to look at more effective means of implementation.

Although Sarbanes-Oxley compliance has been a complex task for businesses, many are realising that compliance requirements can help improve the efficiency of their operations.

John Worrall, vice-president for marketing at RSA Security, said, "Many firms that rushed systems into place to meet the end-of-year deadlines are coming back and saying, 'I got through the first part, now what can I improve?' Whether that would be improving business processes or becoming more efficient."

Sarbanes-Oxley is raising interest in single sign-on technology to authenticate the identities of staff connecting to IT systems, RSA said.

"If you talk to companies, compliance is the number one or number two issue," said Worrall.

Businesses that rely on password protection alone are having to answer detailed questions from auditors about their password policies, such as how often passwords are replaced and how strong they are, he said.

Many firms are struggling to encrypt their databases to ensure sensitive data is adequately protected, Worrall said. Although RSA is helping firms develop tailor-made systems, there are no off-the-shelf answers.

"Some solutions are going to be hard to figure out. Strong authentication of people can be done, but database encryption is complex and difficult," said Worrall.

RSA is developing best practice guidelines on encryption, strong authentication and complying with corporate governance regulations.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy