The framework that auditors use to assess internal controls – a cornerstone of Sarbanes-Oxley – was changed in 2013 to put an emphasis on technology controls. CFOs, controllers, internal and external auditors, risk managers, and even a Board's audit committee members are now obliged to ensure that companies achieve a substantially higher standard of housekeeping when it comes to the management of technology. For example, when an organization gets hit with a security breach, what does that say about the controls it had over data, arguably its most important asset? Considering the liabilities CEOs and CFOs face each time they sign their Section 404/302 certifications, the stakes for compliance have never been higher.
There are several powerful, transformative IT trends that require companies to think differently about the way they procure and manage technology. We can show you how you can immediately gain the visibility and control you need to deal with these, and other fundamental shifts in the way companies operate today.
The cloud makes it much harder to stay compliant.
Companies face a virtual alphabet soup of regulations, especially those designed to safeguard Personally Identifiable Information (PII) and Sensitive Personal Information (SPI). It was hard enough to comply with these regulations when all your data was on-premises. The cloud opens a whole new world of compliance issues to worry about. We can show you how to navigate successfully through the minefield.
Bank Secrecy Act
USA Patriot Act
Most IT security offerings only protect you behind the firewall.
Corporate life is especially perilous outside the data center firewall. The cloud exposes companies to substantially greater risks of malware intrusion, malicious leakage of data, theft of user credentials, and account hijacking, among others. Traditional security software, and even next-generation firewalls, cannot provide the kind of protection you need in an environment laden with both sanctioned and unsanctioned cloud-based services. Mobile devices represent an exceptionally porous membrane that must be monitored programmatically, as they amplify the cloud-based threats. Let us show you how to get the visibility and the control you need to overcome cloud-induced vulnerabilities.
Cloud-based services introduce subtle risks as well. Has someone in your company ensured that you retain control of your data once it resides on a cloud host? What happens when third parties, including government agencies, subpoena your cloud service provider, demanding access to your data? When an employee accesses an app without seeking any approval, which is typical shadow IT behavior, the terms and conditions of that relationship may get no consideration at all. We can show you how to best encrypt data at rest, in use, and in transit, while keeping control of the keys and your data's security.