Public Company Accounting Reform and Investor Protection Act

Compliance Journal



Top Stories

Three Steps to Painless Compliance
By Patrick Bishop

Ask any IT person from the financial sector about SOX requirements and they’ll probably use some colorful language about how much time and money it sucks away. According to the 2016 Sarbanes-Oxley compliance survey by global consultant Protiviti, the average annual internal cost of SOX compliance is over $1.2 million dollars, with 27% of these firms spending 2 million or more. Having worked with lots of financial institutions in my time, I’ve seen my fair share of IT people feeling overburdened by the demands of keeping up with regulations. Documenting processes and changes, ensuring segregation of duties, and so on is tedious and time-consuming. To be effective and lighten the compliance load you need automation, yes, but you also need intelligence about what’s happening across your pipeline. Release orche... (more)

Evaluating Hybrid Cloud | @CloudExpo #SDN #DataCenter #Compliance

Bringing Sanity to Evaluating Hybrid Cloud

Technology is advancing at a rapid pace. To keep up, organizations must now take more strategic approaches to their business management solutions that support respective requirements. Today, in every organization, conflicting interests, misinformation, and fear of change make it difficult to know how to navigate the cloud safely. That's why, when making a sensible technology plan for the times ahead, it's crucial to ask the following questions to wade through the confusion.

1. What regulatory requirements govern your data?

Understanding the state and federal compliance requirements that apply to one's business data is a process, not an event. Data protection requirements are increasingly strict, while enforcement penalties are on the rise. That's why businesses need to define and document specific compliance requirements. O... (more)

Automating Security #Compliance on #AWS | @CloudExpo @CloudRaxak #AI

Automating Security Compliance on Amazon Web Services

The unique combination of Amazon Web Services and Cloud Raxak, a Gartner Cool Vendor in IT Automation, provides a seamless and cost-effective way of securely moving on-premise IT workloads to Amazon Web Services. Any enterprise can now leverage the cloud, manage risk, and maintain continuous security compliance. Forrester's analysis shows that enterprises need automated security to lower security risk and decrease IT operational costs. Through the seamless integration into Amazon Web Services, Raxak Protect automates security for any workload running on traditional IT, private clouds, and public clouds. A line of business user with no security experience can now provision a VM on Amazon Web Services with a CISO (Chief Information Security Officer) defined security profile (e.g., PCI-DSS, HIPAA, ... (more)

CI/CD Pipelines | @DevOpsSummit #AI #ML #CI #CD #DevOps #Monitoring

For a while already we have been working with a large enterprise client, helping them to migrate their on-premise workloads to the cloud. Of course, as added value to the process, they are also migrating their legacy development processes to the modern, better, agile DevOps approach. And of course, they have built a modern Continuous Integration/Continuous Delivery (CI/CD) pipeline consisting of Bitbucket, Jenkins, Artifactory, Puppet and some relevant testing frameworks. “It is all great!”, you would say “what is the problem?”. Because I am on all kinds of mailing lists for this client, I noticed recently that my dedicated email inbox started getting more and more emails related to the CI/CD pipeline. Things like unexpected Jenkins build failures, artifacts cannot be downloaded, server outages and so on and so on. You already guessed it – emails that report proble... (more)

Big Challenges of #BigData | @CloudExpo @Gemalto #Security #AI #ML #DL

Between 2005 and 2020, data volumes will grow by a factor of 300 - enough data to stack CDs from the earth to the moon 162 times. This has come to be known as the 'Big Data' phenomenon. Unfortunately, traditional approaches to handling, storing and analyzing data aren't adequate at this scale: they're too costly, slow and physically cumbersome to keep up. Fortunately, in response a new breed of technology has emerged that is cheaper, faster and more scalable. Yet, in meeting these new needs they break many of the traditional security approaches on which enterprises depended. In these massive data volumes, how are organizations going to ensure that their customer information is safe from people looking to exploit it? Is it possible to adopt Big Data technologies while demonstrating compliance with industry regulations? Will security get i... (more)

Choosing Your Mobile Device Management Solution | @CloudExpo #Cloud #Compliance

10 Things to Consider As You Choose Your Mobile Device Management Solution
By Nikhil Nayak, Product Analyst, ManageEngine

The past decade has seen an increasing trend in employees using mobile devices like smartphones and tablets to aid in their work. This trend has led organizations to adopt practices like bring-your-own-device (BYOD) with hopes of improving employee productivity and efficiency. There is, however, a downside to this because such practices pose major risks concerning corporate data security and data management. In order to ward off these risks, enterprises seek out reliable mobile device management (MDM) solutions. There are many solutions out there, but selecting the right solution for your enterprise may seem challenging - especially if you're not aware of what to look out for. Here is a list of 10 things to consider as you choose your MDM so... (more)

[session] #Compliance in the Cloud | @CloudExpo @IBMcloud #DevOps #InfoSec

Regulatory Compliance in the Cloud

Regulatory requirements exist to promote the controlled sharing of information, while protecting the privacy and/or security of the information. Regulations for each type of information have their own set of rules, policies, and guidelines. Cloud Service Providers (CSP) are faced with increasing demand for services at decreasing prices. Demonstrating and maintaining compliance with regulations is a nontrivial task, and doing so against numerous sets of regulatory requirements can be a daunting task. CSPs need a foundation that provides a uniform, non-repetitive view across all the requirements. In his session at 19th Cloud Expo, David Jenkins, an Executive Architect at IBM working in the Office of the US Federal CTO, will discuss an approach that can greatly simplify the process of demonstrating and maintaining compliance across num... (more)

[slides] Secure Cloud | @CloudExpo @SearchYourCloud #Security #Compliance

Staying Secure and Organized in the Cloud

As companies adopt the cloud to streamline workflow, deployment hasn't been very seamless because of IT concerns surrounding security risks. The cloud offers many benefits, but protecting and securing information can be tricky across multiple cloud providers and remains IT's overall responsibility. In his session at 19th Cloud Expo, Simon Bain, CEO of SearchYourCloud, addressed security compliance issues associated with cloud applications and how document-level encryption is critical for supplementing existing enterprise security solutions. He drew from case studies, outlined best practices for businesses and demoed how data can be transported and stored to and from the cloud already encrypted and securely accessed no matter where it’s sto... (more)

My Personal 2010 Predictions

New Year 2010 on Ulitzer

In an effort to save a lot of pain and suffering for those people who don’t want to read an incredibly long blog post, I have a nice little summary table. The predictions run the gamut of my personal and professional interests, so they may not be 100% interesting to all people.

99% of All Decade Lists That Come This Year Will Be Wrong
Twitter Will Become A Footnote
Real Time Has Had Its Time
Interest Rates Will Begin To Rise
Housing Prices Begin To Stall And Then Fall
Jorge Lorenzo Will Win MotoGP World Championship
Netbook Market Disappears
Apple’s Disdain For Developers Will Reach A Tipping Point
ChromeOS Proves To Be Another Of Google’s Failures
The Final Season Of Lost Will Not Be Seen
Foundations For The Repeal Of Sarb-Ox
The Venture Business, As We Know It, Is Dead
Oil Trading Draws Legislative Scrutiny
Windows Mobile 7 Will Impress ... (more)

SharePoint Gone Wild: When Governance Lacks Compliance

If you've missed any previous part of this blog series, you can read them here. When people think of "compliance" from a Microsoft SharePoint perspective, it can mean a lot of things to a lot of different people. Every organization will have different considerations for compliance: Essentially, which regulations they need to comply with according to their specific industry vertical, including HIPAA/HITECH, DOD 5015, Section 508 and WCAG 1.0 and 2.0. There are two main drivers for compliance I see in organizations for SharePoint, due to the risk of non-compliance and subsequent legal and financial penalties:

Records Management
Legal e-Discovery

In my post last week on governance and discoverability, I focused on the typical stories I hear around people not being able to find content they need. Compliance takes this a step further, because legal teams and records ma... (more)

Secure Applications By @CloudRaxak | @CloudExpo #BigData #SaaS #API #IoT

How to Secure Cloud Applications Through Automated Compliance

Businesses want to take advantage of the flexibility and cost benefits of running applications in the public cloud. To balance the benefits and risks, businesses need to deliver consistent security compliance across both private and public clouds. To develop their security compliance strategy, executives need to determine what cloud workloads to secure and how to secure them. In his session at 17th Cloud Expo, Sesh Murthy, Co-Founder and SVP of Sales and Customer Care, will show how any business can automate security compliance for any workload in the cloud. The cloud workload security requirements for regulated industries like finance (FFIEC), healthcare (HIPAA) and retail (PCI) are clear. For all other cloud applications, applying the Defense Information Systems Agency (DISA) guides for security complian... (more)