Assuring Secure Compliance
A good identity management and authentication system can make this procedure much less painful and time-consuming. Strong authentication and identity management systems provide a high level of assurance that only authorized people have access to vital company resources. These systems can also tell who has accessed what and when. This information can be vital when dealing with any compliance issue. One way to ensure strong access control is to leverage two-factor authentication. When you think authentication, you tend to think RSA—and rightly so, as RSA's Sign-On Manager has performed well in our tests. Another product that has performed well in this area is Courion's Enterprise Provisioning Suite, which provides enterprise-class controls over user access and passwords.
It's true that businesses should follow good practices and procedures to maintain strong security—not just to comply with an industry or a government regulation—but these security guidelines also provide a good baseline for knowing how your company is doing when it comes to meeting requirements to lock down vital networks, systems and applications. Compliance-aware tools that scan for holes and vulnerabilities in everything from Web applications to servers to entire company networks should offer a comprehensive collection of canned reports to help administrators detect whether their implementations are meeting certain requirements. Nowadays, you would have to look pretty hard to find a security scanning product that didn't provide lots of canned compliance reports. Most important, though, is to make sure the product you are using or evaluating can effectively scan the things you need to protect. Products such as Hercules Citadel can check networks and systems for potential compliance-breaking holes, for example, while quality assurance scanners such as those from Watchfire and SPI can help find holes in Web applications before they go live.
Systems and Network Management
Like security tools, systems and network management tools offer compliance assistance through their ability to create custom reports on how a corporate infrastructure is meeting certain regulations and requirements. As our recent reviews of event log managers such as Quest Software's InTrust 9.0 and configuration management products such as Configuresoft's ECM (Enterprise Configuration Manager) 4.8 have shown, these tools provide a good real-time look at how an IT infrastructure is complying with a variety of regulations: They make it possible to track servers, systems and networks to detect when and why changes and failures occur on systems. Also like security tools, systems and network management applications often include prebuilt reports and modules for tracking compliance with specific regulations and procedures. Configuresoft, for example, makes available no-cost compliance tool kits for many financial, health care and security guidelines with its Enterprise Configuration Manager solution.
Technology Editor Jim Rapoza can be reached at firstname.lastname@example.org.
Security and Vulnerability Scanners