Public Company Accounting Reform and Investor Protection Act

Compliance Journal



Top Stories

Who is accountable for SSH-related, key-based access in your organization? In many enterprises, this is not clear, leading to assumptions that leave you vulnerable to attack and compliance violations as well. This article will address the challenge of SSH user key-based access from the perspective of compliance. It's all about access control. All the regulations, laws and frameworks exist to ensure, at a minimum, that protected data (PII, ePHI, credit card data, etc.) has authorized access. It doesn't matter whether that access is being requested by a machine, admin or business user. The fact is that: Oversight and control are sorely lacking in many organizations. They do not have visibility into SSH user key-based trusts or monitoring capabilities. They lack processes for provisioning ownership, revocation and rotation of keys. There is no ownership of the access b... (more)

Multi-Cloud Movement | @CloudExpo @VMware #DataCenter #Compliance #DigitalTransformation

Keeping Pace with the Multi-Cloud Movement

A common misconception about the cloud is that one size fits all. Companies expecting to run all of their operations using one cloud solution or service must realize that doing so is akin to forcing the totality of their business functionality into a straightjacket. Unlocking the full potential of the cloud means embracing the multi-cloud future where businesses use their own cloud, and/or clouds from different vendors, to support separate functions or product groups. There is no single cloud solution ideal for all applications, and some applications might not fit the cloud at all. For example, certain applications have more stringent security or compliance requirements that require a private cloud or traditional on-premises deployment. For the foreseeable future, the majority of companies will maintain a hybrid cloud env... (more)

DivvyCloud to Exhibit at @CloudExpo NY | @DivvyCloud #Security #Compliance

SYS-CON Events announced today that DivvyCloud will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. DivvyCloud software enables organizations to achieve their cloud computing goals by simplifying and automating security, compliance and cost optimization of public and private cloud infrastructure. Using DivvyCloud, customers can leverage programmatic Bots to identify and remediate common cloud problems in real time. DivvyCloud was founded by seasoned technologists who understand first-hand what is necessary to succeed in today's fast-changing, multi-cloud world. For more information, visit https://divvycloud.com/. The World's Largest "Cloud Digital Transformation" Event @CloudExpo / @ThingsExpo 2017 New York (June 6-8, 2017, Javits Center, Manhattan) @CloudExpo / @ThingsExpo 20... (more)

CI/CD Pipelines | @DevOpsSummit #AI #ML #CI #CD #DevOps #Monitoring

For a while already we have been working with a large enterprise client, helping them to migrate their on-premise workloads to the cloud. Of course, as added value to the process, they are also migrating their legacy development processes to the modern, better, agile DevOps approach. And of course, they have built a modern Continuous Integration/Continuous Delivery (CI/CD) pipeline consisting of Bitbucket, Jenkins, Artifactory, Puppet and some relevant testing frameworks. “It is all great!” you would say, “what is the problem?” Because I am on all kinds of mailing lists for this client, I noticed recently that my dedicated email inbox started getting more and more emails related to the CI/CD pipeline. Things like unexpected Jenkins build failures, artifacts cannot be downloaded, server outages and so on and so on. You already guessed it – emails that report proble... (more)

Don’t Get Lost in the Cloud | @CloudExpo @RackWare #Compliance #AI #DX #HybridCloud

For most organizations, the move to hybrid cloud is now a question of when, not if. Fully 82% of enterprises plan to have a hybrid cloud strategy this year, according to Infoholic Research. The worldwide hybrid cloud computing market is expected to grow about 34% annually over the next five years, reaching $241.13 billion by 2022. Companies are embracing hybrid cloud because of the many advantages it offers compared to relying on a single provider for all of their cloud needs. Hybrid offers balance and flexibility. It helps companies achieve a wide array of business goals, including availability, reliability, security and cost-efficiency. Still, there are a number of challenges associated with hybrid cloud. Here are four management issues that companies need to address to enjoy a successful hybrid cloud implementation. Managing complexity. More clouds can sometime... (more)

Choosing Your Mobile Device Management Solution | @CloudExpo #Cloud #Compliance

10 Things to Consider As You Choose Your Mobile Device Management Solution

By Nikhil Nayak, Product Analyst, ManageEngine

The past decade has seen an increasing trend in employees using mobile devices like smartphones and tablets to aid in their work. This trend has led organizations to adopt practices like bring-your-own-device (BYOD) with hopes of improving employee productivity and efficiency. There is, however, a downside to this because such practices pose major risks concerning corporate data security and data management. In order to ward off these risks, enterprises seek out reliable mobile device management (MDM) solutions. There are many solutions out there, but selecting the right solution for your enterprise may seem challenging - especially if you're not aware of what to look out for. Here is a list of 10 things to consider as you choose your MDM so... (more)

[session] Enabling #FinTech | @CloudExpo @CloudRaxak #AI #ML #Blockchain

Enabling FinTechs for Success through Business-Driven Cloud Security

FinTechs use the cloud to operate at the speed and scale of digital financial activity, but are often hindered by the complexity of managing security and compliance in the cloud. In his session at 20th Cloud Expo, Sesh Murthy, co-founder and CTO of Cloud Raxak, will show FinTechs how proactive and automated cloud security enables FinTechs to leverage the cloud to achieve their business goals. Through business-driven cloud security, FinTechs can speed time-to-market, diminish risk and costs, maintain continuous compliance, and set themselves up for success.

Speaker Bio

Sesh Murthy is the Co-Founder and CTO of Cloud Raxak. Before Cloud Raxak, he was the Vice President of Cloud Innovation at IBM Global Services. He has 29 years of experience in creating value for customers in cloud and technology se... (more)

Automating Security #Compliance on #AWS | @CloudExpo @CloudRaxak #AI

Automating Security Compliance on Amazon Web Services

The unique combination of Amazon Web Services and Cloud Raxak, a Gartner Cool Vendor in IT Automation, provides a seamless and cost-effective way of securely moving on-premise IT workloads to Amazon Web Services. Any enterprise can now leverage the cloud, manage risk, and maintain continuous security compliance. Forrester's analysis shows that enterprises need automated security to lower security risk and decrease IT operational costs. Through the seamless integration into Amazon Web Services, Raxak Protect automates security for any workload running on traditional IT, private clouds, and public clouds. A line of business user with no security experience can now provision a VM on Amazon Web Services with a CISO (Chief Information Security Officer) defined security profile (e.g., PCI-DSS, HIPAA, ... (more)

Evaluating Hybrid Cloud | @CloudExpo #SDN #DataCenter #Compliance

Bringing Sanity to Evaluating Hybrid Cloud

Technology is advancing at a rapid pace. To keep up, organizations must now take more strategic approaches to their business management solutions that support respective requirements. Today, in every organization, conflicting interests, misinformation, and fear of change make it difficult to know how to navigate the cloud safely. That's why, when making a sensible technology plan for the times ahead, it's crucial to ask the following questions to wade through the confusion.

1. What regulatory requirements govern your data?

Understanding the state and federal compliance requirements that apply to one's business data is a process, not an event. Data protection requirements are increasingly strict, while enforcement penalties are on the rise. That's why businesses need to define and document specific compliance requirements. O... (more)

Secure Cloud through Automated Compliance | @CloudExpo @CloudRaxak #Cloud #BigData #DevOps #Microservices

How to Secure Cloud Applications through Automated Compliance

Cloud computing delivers on-demand resources that provide businesses with flexibility and cost-savings. The challenge in moving workloads to the cloud has been the cost and complexity of ensuring the initial and ongoing security and regulatory (PCI, HIPAA, FFIEC) compliance across private and public clouds. Manual security compliance is slow, prone to human error, and represents over 50% of the cost of managing cloud applications. Determining how to automate cloud security compliance is critical to maintaining positive ROI. Raxak Protect is an automated security compliance SaaS platform and managed service that enables cloud apps to be deployed securely, quickly, cost-effectively, and without human error. The IBM Cloud offers open cloud infrastructure services for IT operations, including using SoftLayer ... (more)

A Storage Management Perspective on Sarbanes Oxley

Mention storage in the same breath as Sarbanes Oxley and the immediate reaction of senior management might be to hide the checkbook. Invariably a vendor is making a pitch on how the latest, and greatest, WORM-enabled, opto-magnetic, network replicated gizmo is going to solve all of their problems. SOX has become the latest in a line of vehicles to which vendors have hitched their wagons in order to sell more gear (remember the Y2K buying frenzy?). The sad truth of the matter is that you could have the greatest technology in the world and still miserably fail a compliance audit.

The Storage Manager's Dilemma

Don't get me wrong - vendors are not solely to blame. To quote that great American philosopher Pogo, "We have met the enemy and he is us." Many organizations procrastinated before giving serious consideration to SOX, particularly to Section 404's compliance requir... (more)