wall.jpg
mcescher1898-1972-1356130445_org.jpeg
underwater_minefield_by_juanjosetorres-d5726zg.jpg
6964825-great-wall-of-china-sunset.jpg
wall.jpg

Sarbanes-Oxley's new emphasis on technology controls


SCROLL DOWN

Sarbanes-Oxley's new emphasis on technology controls


The framework that auditors use to assess internal controls – a cornerstone of Sarbanes-Oxley – was changed in 2013 to put an emphasis on technology controls.  CFOs, controllers, internal and external auditors, risk managers, and even a Board's audit committee members are now obliged to ensure that companies achieve a substantially higher standard of housekeeping when it comes the management of technology.  For example, when an organization gets hit with a security breach, what does that say about the controls they had over data, arguably their most important asset?  Considering the liabilities CEOs and CFOs face each time they sign their Section 404/302 certifications, the stakes for compliance have never been higher.  

mcescher1898-1972-1356130445_org.jpeg

Transformation of IT


Transformation of IT


There are several powerful, transformative IT trends that require companies to think differently about the way they procure and manage technology.  We can show you how you can immediately gain the visibility and control you need to deal with these, and other fundamental shifts in the way companies operate today.

  • Workloads moving from on-premise data centers to cloud hosted infrastructure
  • Shift from use of licensed software to SaaS applications
  • Increasing use of mobile devices, including those owned by employees, and sensors 
  • Consumerization of IT, resulting in higher employee expectations for the quality and speed of access to technology used in the enterprise
  • Incidence rate and severity of security breaches are increasing, while most security software and even next generation firewalls overlook cloud-based activity.
underwater_minefield_by_juanjosetorres-d5726zg.jpg

Regulatory minefield


Regulatory minefield


The cloud makes it much harder to stay compliant.

Companies face a virtual alphabet soup of regulations, especially those designed to safeguard Personally Identifiable Information (PII) and Sensitive Personal Information (SPI).  It was hard enough to comply with these regulations when all your data was on-premises.  The cloud opens a whole new world of compliance issues to worry about.  We can show you how to navigate successfully through the minefield.

Dodd-Frank

European Directives

CARD Act

Bank Secrecy Act

PCI DSS

FINRA

USA Patriot Act

SOC

HIPAA

HITECH

GLBA

 

6964825-great-wall-of-china-sunset.jpg

Perils beyond the firewall


Perils beyond the firewall


Most IT security offerings only protect you behind the firewall.

Corporate life is especially perilous outside the data center firewall.  The cloud exposes companies to substantially greater risks of malware intrusion, malicious leakage of data, theft of user credentials, and account hijacking, among others.  Traditional security software, and even next generation firewalls, cannot provide the kind of protection you need in an environment laden with both sanctioned and unsanctioned cloud-based services.  Mobile devices represent an exceptionally porous membrane that must be monitored programmatically as they amplify the cloud-based threats.  Let us show you how to get the visibility and the control you need to overcome cloud-induced vulnerabilities.

Cloud-based services introduce subtle risks as well.  Has someone in your company ensured that you retain control of your data once it resides on a cloud host?  What happens when third parties, including government agencies, subpoena your cloud service provider, demanding access to your data?  When an employee accesses an app without seeking any approval, which is typical shadow IT behavior, the terms and conditions of that relationship may get no consideration at all.  We can show you how to best encrypt data at rest, in use, and in transit, while keeping control of the keys and your data's security.