Many of us in the information technology industry are waking up to the fact that the government wants to be a big part of our daily business lives. Other industries live and die within the framework of government regulations: The FAAs for aviation and the FDAs for pharmaceuticals and biotech are only two examples. From Sarbanes-Oxley to Basel II to Gramm-Leach-Bliley, it is just a matter of time until a significant amount of the IT infrastructure finds itself under the watchful eye of the U.S. government. When that happens, it will be difficult indeed to find an industry of any significance that remains unregulated.
Its now 2004, and organizations are facing complex requirements to comply with ever-increasing security and privacy regulations. As a result, enterprise governance is becoming a critical business driver for senior corporate management and board members.
Existing regulations such as Sarbanes-Oxley, Basel II and GLB and those pending such as the Corporate Information Security Accountability Act will hold these individuals accountable for the financial integrity of a company and for the protection of its critical information assets and systems.
Electronic signature laws now enable organizations to become electronic enterprises with great efficiency gains. However, the potential is great for misrepresentation, information falsification, and repudiation of decisions and acts.
With these factors in mind, the concept of e-governance is ready for prime time. E-governance is a framework for ensuring the electronic integrity and compliance capability of an electronic enterprise. To be effective, e-governance must encompass an entire enterprise. The days of disparate business groups being served by different silos of information technology are no more.
Further, for a companys electronic governance to be worthy of trust by its stakeholders, the traditional purview of security must be elevated beyond IT to include boards of directors and senior executives.
Regulations are requiring information systems to be validated by senior management so that their logs and data can be admissible in court. This is no easy feat for an industry that has become accustomed, regrettably, to dealing with simple reboot problems.
Ultimately, those organizations that integrate an e-governance strategy into the core of their business will be more competitive and—in the emerging age of government regulation—more likely to survive.
Jacques Francoeur is founder and CEO of TrustEra Inc., a Silicon Valley security company. He can be reached at firstname.lastname@example.org. Ben Rothke, CISSP, is a New York-based security consultant with ThruPoint Inc. McGraw-Hill has just published his book: "Computer Security: 20 Things Every Employee Should Know." He can be reached at email@example.com. Free Spectrum is a forum for the IT community. Send submissions to firstname.lastname@example.org.