Although Sarbanes-Oxley compliance has been a complex task for businesses, many are realising that compliance requirements can help improve the efficiency of their operations.
John Worrall, vice-president for marketing at RSA Security, said, "Many firms that rushed systems into place to meet the end-of-year deadlines are coming back and saying, 'I got through the first part, now what can I improve?' Whether that would be improving business processes or becoming more efficient."
Sarbanes-Oxley is raising interest in single sign-on technology to authenticate the identities of staff connecting to IT systems, RSA said.
"If you talk to companies, compliance is the number one or number two issue," said Worrall.
Businesses that rely on password protection alone are having to answer detailed questions from auditors about their password policies, such as how often passwords are replaced and how strong they are, he said.
Many firms are struggling to encrypt their databases to ensure sensitive data is adequately protected, Worrall said. Although RSA is helping firms develop tailor-made systems, there are no off-the-shelf answers.
"Some solutions are going to be hard to figure out. Strong authentication of people can be done, but database encryption is complex and difficult," said Worrall.
RSA is developing best-practice guidelines on encryption, strong authentication and complying with corporate governance regulations.