Public Company Accounting Reform and Investor Protection Act

Compliance Journal



Top Stories

Are You Ready for GDPR (The EU General Data Protection Regulation)?

View General Session: ▸ Here Download Slide Deck: ▸ Here

In his general session at 21st Cloud Expo, Greg Dumas, Calligo's Vice President and G.M. of US operations, discussed the new Global Data Protection Regulation and how Calligo can help businesses stay compliant in a digitally globalized world.

Speaker Bio: Greg Dumas is Calligo's Vice President and G.M. of US operations. Calligo is an established service provider that provides an innovative platform for trusted cloud solutions. Calligo's customers are typically most concerned about GDPR compliance, application performance guarantees & data privacy. Greg has over 25 years of experience as an international sales, marketing & operations e... (more)

Compliance in the Cloud | @CloudExpo @DMacVittie #DevOps #Compliance

Our work, both with clients and with tools, has led us to wonder how it is that organizations are handling compliance issues in the cloud. The big cloud vendors offer compliance for their infrastructure, but the shared responsibility model requires that you take certain steps to meet compliance requirements. Which led us to start poking around a little more. We wanted to get a picture of what was available, and how it was being used. There is a lot of fluidity in this space, as in all things cloud. The fact that DevOps Security plays into the cloud compliance model – particularly in dynamic cloud environments – makes it even more fluid. We’ve found the following options are the ones most frequently being pursued in cloud deployments for industries that need to meet compliance requirements. Not in the Cloud: This is the default, and a lot of companies are followin... (more)

Avoiding Compliance Risk with Better Access Management | @CloudExpo #Cloud #Security #Compliance

Networks have become large, complex entities that are increasingly difficult to manage and control. Security, audit, risk and compliance professionals know that their organizations rely on them for effective risk management, control and governance processes that are essential to the safety of their network environment. Yet compliance and security are more challenging than ever before as additional layers are added to this environment. One of the challenges lies in the fact that there is an ongoing, huge access gap in network security and compliance - and it has been residing within the environment for more than 20 years. This tool, known as the Secure Shell (SSH) protocol, grants privileged access to all types of production environments. A Problem Gaining Attention: The problem is propagated by a lack of awareness... (more)

The Dark Side of SSH Key Compliance | @CloudExpo #Cloud #AI #Compliance

Who is accountable for SSH-related, key-based access in your organization? In many enterprises, this is not clear, leading to assumptions that leave you vulnerable to attack and compliance violations as well. This article will address the challenge of SSH user key-based access from the perspective of compliance. It's all about access control. All the regulations, laws and frameworks exist to ensure, at a minimum, that protected data (PII, ePHI, credit card data, etc.) has authorized access. It doesn't matter whether that access is being requested by a machine, admin or business user. The fact is that: Oversight and control are sorely lacking in many organizations. They do not have visibility into SSH user key-based trusts or monitoring capabilities. They lack processes for provisioning ownership, revocation and rotation of keys. There is no ownership of the access b... (more)

Multi-Cloud Movement | @CloudExpo @VMware #DataCenter #Compliance #DigitalTransformation

Keeping Pace with the Multi-Cloud Movement A common misconception about the cloud is that one size fits all. Companies expecting to run all of their operations using one cloud solution or service must realize that doing so is akin to forcing the totality of their business functionality into a straightjacket. Unlocking the full potential of the cloud means embracing the multi-cloud future where businesses use their own cloud, and/or clouds from different vendors, to support separate functions or product groups. There is no single cloud solution ideal for all applications, and some applications might not fit the cloud at all. For example, certain applications have more stringent security or compliance requirements that require a private cloud or traditional on-premises deployment. For the foreseeable future, the majority of companies will maintain a hybrid cloud env... (more)

Don’t Get Lost in the Cloud | @CloudExpo @RackWare #Compliance #AI #DX #HybridCloud

For most organizations, the move to hybrid cloud is now a question of when, not if. Fully 82% of enterprises plan to have a hybrid cloud strategy this year, according to Infoholic Research. The worldwide hybrid cloud computing market is expected to grow about 34% annually over the next five years, reaching $241.13 billion by 2022. Companies are embracing hybrid cloud because of the many advantages it offers compared to relying on a single provider for all of their cloud needs. Hybrid offers balance and flexibility. It helps companies achieve a wide array of business goals, including availability, reliability, security and cost-efficiency. Still, there are a number of challenges associated with hybrid cloud. Here are four management issues that companies need to address to enjoy a successful hybrid cloud implementation. Managing complexity. More clouds can sometimes... (more)

Changing Standards for Online Healthcare Data – HIPAA & the Cloud

Just a few months ago I wrote a blog post about healthcare data on the cloud (HIPPA Cloud Storage) and the security concerns surrounding this very sensitive and valuable data. I mentioned that as with many industries, more healthcare data is being moved to the cloud, but the healthcare industry has remained a few paces behind others in terms of securing online data. The safety of personal healthcare information on the cloud continues to be an important topic, specifically in regards to government-issued guidelines. There are new requirements going into effect this year that expand on how HIPAA and HITECH standards regulate healthcare data on the cloud. HIPAA & Cloud Security For years, HIPAA has required healthcare organizations to maintain confidentiality of electronic health information that can be linked back to an individual. More recently, HITECH provisions furt... (more)

What the Business Doesn’t Know Will Hurt

Imagine you work at a company preparing to issue its quarterly earnings report. The phone rings. It's bad news. A coworker has discovered that a former employee has been logging into the company's network for months. It's unclear whether the former employee has used this illicit access to make any buy-loss orders without proper authorization, but the damage has been done. The company is required to force the release through the business channels, halt its stock sales and make the dreaded phone call to the SEC alerting them to the possibility of insider trading. The company must announce its report before it's ready, and is forced to absorb any market blows that result. Who's watching the shop? Most of a company's line of business (LOB) or human resources (HR) leaders are not tasked with worrying about identity and access management (IAM); that is, the processes by w... (more)

Big Challenges of #BigData | @CloudExpo @Gemalto #Security #AI #ML #DL

Between 2005 and 2020, data volumes will grow by a factor of 300 - enough data to stack CDs from the earth to the moon 162 times. This has come to be known as the 'Big Data' phenomenon. Unfortunately, traditional approaches to handling, storing and analyzing data aren't adequate at this scale: they're too costly, slow and physically cumbersome to keep up. Fortunately, in response a new breed of technology has emerged that is cheaper, faster and more scalable. Yet, in meeting these new needs they break many of the traditional security approaches on which enterprises depended. In these massive data volumes, how are organizations going to ensure that their customer information is safe from people looking to exploit it? Is it possible to adopt Big Data technologies while demonstrating compliance with industry regulations? Will security get i... (more)

[session] Enabling #FinTech | @CloudExpo @CloudRaxak #AI #ML #Blockchain

Enabling FinTechs for Success through Business-Driven Cloud Security FinTechs use the cloud to operate at the speed and scale of digital financial activity, but are often hindered by the complexity of managing security and compliance in the cloud. In his session at 20th Cloud Expo, Sesh Murthy, co-founder and CTO of Cloud Raxak, will show FinTechs how proactive and automated cloud security enables FinTechs to leverage the cloud to achieve their business goals. Through business-driven cloud security, FinTechs can speed time-to-market, diminish risk and costs, maintain continuous compliance, and set themselves up for success. Speaker Bio Sesh Murthy is the Co-Founder and CTO of Cloud Raxak. Before Cloud Raxak, he was the Vice President of Cloud Innovation at IBM Global Services. He has 29 years of experience in creating value for customers in cloud and technology se... (more)

A Storage Management Perspective on Sarbanes Oxley

Mention storage in the same breath as Sarbanes Oxley and the immediate reaction of senior management might be to hide the checkbook. Invariably a vendor is making a pitch on how the latest, and greatest, WORM-enabled, opto-magnetic, network replicated gizmo is going to solve all of their problems. SOX has become the latest in a line of vehicles to which vendors have hitched their wagons in order to sell more gear (remember the Y2K buying frenzy?). The sad truth of the matter is that you could have the greatest technology in the world and still miserably fail a compliance audit. The Storage Manager's Dilemma Don't get me wrong - vendors are not solely to blame. To quote that great American philosopher Pogo, "We have met the enemy and he is us." Many organizations procrastinated before giving serious consideration to SOX, particularly to Section 404's compliance requir... (more)