Gain Control With Compliance Tools

Are you caught up in the sea of information privacy and security regulations? Or, seemingly as bad, are you swimming in the ocean of vendor compliance products trying to figure out which life raft is best suited to keep your organization afloat? If so...


Are you caught up in the sea of information privacy and security regulations? Or, seemingly as bad, are you swimming in the ocean of vendor compliance products trying to figure out which life raft is best suited to keep your organization afloat? If so, join the crowd — it is growing larger every year.

When it comes to HIPAA, GLBA or the “regulation of the month,” it is one thing to be "compliant," but it is quite another for all your money, time, and effort to be spent wisely to ensure that your business goals are actually being met and properly managed. Applications that automate and ease the pain of security administration can play a large role in this process.

Information security success is directly proportional to the quality of the tools you use. But compliance tools aren't the “compliance in a box” solution that they sometimes appear to be — there are both pros and cons. Here's what you need to know before you spend another dime.

Options and Benefits Abound

Compliance is not a one-time deal — it is a mindset and mode of operation. It is also a matter of balancing what someone else says you have to do with what actually needs to be done inside your business. To keep up with the many compliance updates — from analyzing overall risks to controlling who can do what on the network to rooting out security vulnerabilities on an ongoing basis — you need good tools.

There are hundreds if not thousands of compliance products waiting to help you lock down every nook and cranny of your network. Whether a small non-profit or a global corporation, there is a tool out there for all of your compliance needs:

* Risk analysis tools from vendors such as RiskWatch (www.riskwatch.com) and Relational Security Corp. (www.relsec.com);

* Policy management tools from vendors like SolSoft (www.solsoft.com) and BindView (now Symantec) (www.bindview.com);

* Identity management tools from vendors such as Identity Automation (www.identityautomation.com) and Novell (www.novell.com/products/identitymanager);

* Access control management tools from vendors such as Trusted Network Technologies (www.trustednetworktech.com) and Lockdown Networks (www.lockdownnetworks.com);

* Enterprise configuration management tools from vendors such as Configuresoft (www.configuresoft.com) and Voyence (www.voyence.com);

* Data leakage prevention tools from vendors such as Vontu (www.vontu.com) and Verdasys (www.verdasys.com);

* Encryption tools from vendors such as PGP (www.pgp.com) and Vormetric (www.vormetric.com);

* Log management tools from vendors such as GFI (www.gfi.com/eventsmanager) and ArcSight (www.arcsight.com);

* Unstructured data/storage security tools from vendors such as Scentric (www.scentric.com) and StoredIQ (www.storediq.com);

* Wireless security management tools from vendors such as AirMagnet (www.airmagnet) and Network Chemistry (www.networkchemistry.com); and

* Vulnerability management tools from vendors such as Qualys (www.qualys.com) and eEye Digital Security ( www.eeye.com ).

AMR research estimates that organizations will spend nearly $30 billion on governance, risk management and compliance — a large part of which involves the types of privacy and security tools listed.

Not only are the options plentiful, but so are the business benefits behind them. Compliance tools provide value by helping to enforce the very policies intended to keep you compliant. They can also be used to manage multiple compliance requirements concurrently, instead of using one tool to manage one set of systems for one regulation, and so on. Many of the tools — especially the ones for configuration, policy and access management — can be used to implement and enforce high-level compliance requirements. They also come pre-packaged with helpful policy and reporting templates. All of this can drastically ease the burden of managing a half-dozen or more IT-related regulations.

Beware of the Marketing Machine

This content continues onto the next page...