Public Company Accounting Reform and Investor Protection Act

Compliance Journal



Top Stories

SYS-CON Events announced today that DivvyCloud will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. DivvyCloud software enables organizations to achieve their cloud computing goals by simplifying and automating security, compliance and cost optimization of public and private cloud infrastructure. Using DivvyCloud, customers can leverage programmatic Bots to identify and remediate common cloud problems in real time. DivvyCloud was founded by seasoned technologists who understand first-hand what is necessary to succeed in today's fast-changing, multi-cloud world. For more information, visit https://divvycloud.com/. The World's Largest "Cloud Digital Transformation" Event @CloudExpo / @ThingsExpo 2017 New York (June 6-8, 2017, Javits Center, Manhattan) @CloudExpo / @ThingsExpo 20... (more)

[session] Enabling #FinTech | @CloudExpo @CloudRaxak #AI #ML #Blockchain

Enabling FinTechs for Success through Business-Driven Cloud Security
FinTechs use the cloud to operate at the speed and scale of digital financial activity, but are often hindered by the complexity of managing security and compliance in the cloud. In his session at 20th Cloud Expo, Sesh Murthy, co-founder and CTO of Cloud Raxak, will show FinTechs how proactive and automated cloud security enables FinTechs to leverage the cloud to achieve their business goals. Through business-driven cloud security, FinTechs can speed time-to-market, diminish risk and costs, maintain continuous compliance, and set themselves up for success.
Speaker Bio: Sesh Murthy is the Co-Founder and CTO of Cloud Raxak. Before Cloud Raxak, he was the Vice President of Cloud Innovation at IBM Global Services. He has 29 years of experience in creating value for customers in cloud and technology se... (more)

The Dark Side of SSH Key Compliance | @CloudExpo #Cloud #AI #Compliance

Who is accountable for SSH-related, key-based access in your organization? In many enterprises, this is not clear, leading to assumptions that leave you vulnerable to attack and compliance violations as well. This article will address the challenge of SSH user key-based access from the perspective of compliance. It's all about access control. All the regulations, laws and frameworks exist to ensure, at a minimum, that protected data (PII, ePHI, credit card data, etc.) has authorized access. It doesn't matter whether that access is being requested by a machine, admin or business user. The fact is that: Oversight and control are sorely lacking in many organizations. They do not have visibility into SSH user key-based trusts or monitoring capabilities. They lack processes for provisioning ownership, revocation and rotation of keys. There is no ownership of the access b... (more)

Evaluating Hybrid Cloud | @CloudExpo #SDN #DataCenter #Compliance

Bringing Sanity to Evaluating Hybrid Cloud
Technology is advancing at a rapid pace. To keep up, organizations must now take more strategic approaches to their business management solutions that support respective requirements. Today, in every organization, conflicting interests, misinformation, and fear of change make it difficult to know how to navigate the cloud safely. That's why, when making a sensible technology plan for the times ahead, it's crucial to ask the following questions to wade through the confusion.
1. What regulatory requirements govern your data? Understanding the state and federal compliance requirements that apply to one's business data is a process, not an event. Data protection requirements are increasingly strict, while enforcement penalties are on the rise. That's why businesses need to define and document specific compliance requirements. O... (more)

CI/CD Pipelines | @DevOpsSummit #AI #ML #CI #CD #DevOps #Monitoring

For a while already we have been working with a large enterprise client, helping them to migrate their on-premise workloads to the cloud. Of course, as added value to the process, they are also migrating their legacy development processes to the modern, better, agile DevOps approach. And of course, they have built a modern Continuous Integration/Continuous Delivery (CI/CD) pipeline consisting of Bitbucket, Jenkins, Artifactory, Puppet and some relevant testing frameworks. “It is all great!”, you would say “what is the problem?”. Because I am on all kinds of mailing lists for this client, I noticed recently that my dedicated email inbox started getting more and more emails related to the CI/CD pipeline. Things like unexpected Jenkins build failures, artifacts cannot be downloaded, server outages and so on and so on. You already guessed it – emails that report proble... (more)

Three Steps to Painless Compliance | @DevOpsSummit #DevOps #BusinessIntelligence

Three Steps to Painless Compliance
By Patrick Bishop
Ask any IT person from the financial sector about SOX requirements and they’ll probably use some colorful language about how much time and money it sucks away. According to the 2016 Sarbanes-Oxley compliance survey by global consultant Protiviti, the average annual internal cost of SOX compliance is over $1.2 million, with 27% of these firms spending 2 million or more. Having worked with lots of financial institutions in my time, I’ve seen my fair share of IT people feeling overburdened by the demands of keeping up with regulations. Documenting processes and changes, ensuring segregation of duties, and so on is tedious and time-consuming. To be effective and lighten the compliance load you need automation, yes, but you also need intelligence about what’s happening across your pipeline. Release orche... (more)

Automating Security #Compliance on #AWS | @CloudExpo @CloudRaxak #AI

Automating Security Compliance on Amazon Web Services
The unique combination of Amazon Web Services and Cloud Raxak, a Gartner Cool Vendor in IT Automation, provides a seamless and cost-effective way of securely moving on-premise IT workloads to Amazon Web Services. Any enterprise can now leverage the cloud, manage risk, and maintain continuous security compliance. Forrester's analysis shows that enterprises need automated security to lower security risk and decrease IT operational costs. Through the seamless integration into Amazon Web Services, Raxak Protect automates security for any workload running on traditional IT, private clouds, and public clouds. A line of business user with no security experience can now provision a VM on Amazon Web Services with a CISO (Chief Information Security Officer) defined security profile (e.g., PCI-DSS, HIPAA, ... (more)

Sarbanes-Oxley and Web Services

This article makes the case that Web services provide a significant benefit to Sarbanes-Oxley compliance projects, and that they will therefore be used extensively on these projects. We begin with a very brief primer on the Sarbanes-Oxley Act, then describe the connection between SOX and Web services, including an outline of how most Sarbanes-Oxley projects are conducted, and where Web services fit in. Finally, I offer some specific actions you can take today to get yourself ready for Sarbanes-Oxley.
A Sarbanes-Oxley Primer
The Sarbanes-Oxley Act of 2002, which applies to all companies traded on U.S. stock exchanges, was enacted into law in response to financial scandals such as Enron, MCI, and others. The law puts into place tough requirements and penalties to ensure that companies' financial statements accurately represent their business position. There are numerous... (more)

My Personal 2010 Predictions

New Year 2010 on Ulitzer
In an effort to save a lot of pain and suffering for those people who don’t want to read an incredibly long blog post, I have a nice little summary table. The predictions run the gamut of my personal and professional interests, so they may not be 100% interesting to all people.
99% of All Decade Lists That Come This Year Will Be Wrong; Twitter Will Become A Footnote; Real Time Has Had Its Time; Interest Rates Will Begin To Rise; Housing Prices Begin To Stall And Then Fall; Jorge Lorenzo Will Win MotoGP World Championship; Netbook Market Disappears; Apple’s Disdain For Developers Will Reach A Tipping Point; ChromeOS Proves To Be Another Of Google’s Failures; The Final Season Of Lost Will Not Be Seen; Foundations For The Repeal Of Sarb-Ox; The Venture Business, As We Know It, Is Dead; Oil Trading Draws Legislative Scrutiny; Windows Mobile 7 Will Impress ... (more)

Auto Compliance | @CloudExpo @CloudRaxak #Storage #BigData #DataCenter

Cloud computing delivers on-demand IT resources that provide businesses flexibility. The challenge is the cost and complexity of cloud security compliance (PCI, HIPAA, FFIEC). Raxak Protect automated cloud security enables cloud apps to be deployed quickly and cost-effectively. Get the guide to decreasing your security costs up to 50% through automated cloud security.
How to Secure Cloud Applications through Automated Compliance
Cloud computing delivers on-demand resources that provide businesses with flexibility and cost-savings. The challenge in moving workloads to the cloud has been the cost and complexity of ensuring the initial and ongoing security and regulatory (PCI, HIPAA, FFIEC) compliance across private and public clouds. Manual security compliance is slow, prone to human error, and represents over 50% of the cost of manag... (more)

Big Challenges of #BigData | @CloudExpo @Gemalto #Security #AI #ML #DL

Between 2005 and 2020, data volumes will grow by a factor of 300 - enough data to stack CDs from the earth to the moon 162 times. This has come to be known as the 'Big Data' phenomenon. Unfortunately, traditional approaches to handling, storing and analyzing data aren't adequate at this scale: they're too costly, slow and physically cumbersome to keep up. Fortunately, in response a new breed of technology has emerged that is cheaper, faster and more scalable. Yet, in meeting these new needs they break many of the traditional security approaches on which enterprises depended. In these massive data volumes, how are organizations going to ensure that their customer information is safe from people looking to exploit it? Is it possible to adopt Big Data technologies while demonstrating compliance with industry regulations? Will security get i... (more)