Compliance in Review

Looking back at just some of our more recent product reviews, one could make a good argument that compliance should be measured across multiple product categories.

When you review hundreds of products a year, certain characteristics and parameters emerge across multiple product categories. Over the years, eWEEK Labs has used benchmarks including performance, security, scalability and interoperability for nearly every product that we've tested. Looking back at just some of our more recent product reviews, one could make a good argument that compliance is now a parameter that should be measured across multiple product categories.

Password Tools Lower Compliance Costs

Jan. 9, 2006

"One thing we've heard repeatedly from IT managers who have implemented user identity management systems—from federated identity tools to two-factor authentication systems—is that doing so drastically reduces the amount of paperwork needed to prove that the organization is always in control and able to account for user access to enterprise systems. Instead of walking auditors through reams of change-request forms and showing how each of those forms is handled when an employee is hired, moved or fired, IT managers can instead show a relatively simple password enforcement policy. For savvy IT managers, this is a good way to demonstrate to the business side of the enterprise that IT not only can support business processes but also can reduce friction with auditors."

Cameron Sturdevant

Keeping Systems in Check

May 1, 2006

"Since the last time we looked at ECM [Enterprise Configuration Manager], in 2003, the product has gained crucial support for Unix and Linux operating systems. Version 4.8 also offers report templates that will make it easier to track infrastructure compliance with several key regulations, including Gramm-Leach-Bliley, Sarbanes-Oxley and HIPAA [Health Insurance Portability and Accountability Act]. The product also offers reports for industry best-practice and audit guidelines, including FISMA [Federal Information Security Management Act]."

Cameron Sturdevant

StillSecure Vulnerability Tool Offers In-Depth Reports

Dec. 12, 2005

"StillSecure VAM's robust vulnerability repair workflow, which was available in previous versions, let us home in on problem systems. The workflow functions like a mini-help-desk system: As vulnerabilities were discovered in target systems, we could assign repair jobs and rerun scans to ensure that problems got fixed.

We used several of the 60-plus included reports to correlate repair status by machine and technician to ensure that our systems were being repaired in a timely fashion. IT managers will likely find these reports useful for demonstrating compliance with regulations that require companies to show due diligence in making repairs to systems containing private or sensitive information."

Cameron Sturdevant

To Protect and Preserve

April 24, 2006

"So, what exactly is a CAS [content-addressed storage] solution? It's an intelligent repository used to store and preserve business data, such as documents and e-mail messages. CAS solutions can be used effectively by a wide range of organizations, but they are best suited for the storage of compliance-sensitive documents, such as medical records, blueprints, invoices and e-mail messages. Through the use of identifiers, IT managers can ensure that sensitive business content is not altered, preserving the paper trail within the context of a paperless environment—a requirement for compliance in many types of industries."

Henry Baltazar

Rights Management Apps Help Control Content

June 27, 2005

"As companies continue to grapple with regulatory compliance issues—as well as with their corporate-governance initiatives—rights management platforms can help garner control of content inside and outside the corporate firewall.

Through high-level policies and individual permission restrictions, a good enterprise-class rights management system makes it possible for a business to control how documents, e-mails and even content in server-based applications are viewed and transferred. Rights management applications also allow companies to determine how content can be edited, printed, forwarded or even captured as a screen shot.

Businesses should be realistic about the capabilities of an enterprise rights management system. They shouldn't expect total control over document usage and access, because anyone determined enough to get around one of these systems will be able to do so. However, rights management applications … provide important audit trails, and they can prevent accidental or careless transmission of sensitive data."

Jim Rapoza

APM Tackles E-Mail Policies

May 23, 2005

"APM [Active Policy Management] has policy libraries to help companies more quickly address regulatory requirements. Companies will still need to tune the policies for some regulations, such as building and maintaining restricted lists or blocking communications across internal boundaries."

Michael Caton

