Network Security: A Key To Regulatory Compliance

Experts give advice to VARs looking to capitalize on the security sales momentum created by regulatory compliance.

From the boardroom to information technology departments, regulatory compliance rules and regulations are placing increasing security demands on companies of all sizes. Regulations such as SOX (Sarbanes-Oxley Act), HIPAA (Health Insurance Portability and Accountability Act), GLBA (Gramm-Leach-Bliley Act), the Patriot Act, and Basel II require companies to strictly monitor and control access to information to protect against fraud, abuse, and data breaches. Failure to comply may result not only in financial liability and costly legal action, but also loss of corporate reputation and brand value. The ultimate goal is securing business processes, and compliance is a means to that end. Although achieving the goal of compliance can be a daunting task for customers, compliance continues to provide security integrators with plenty of good growth opportunities.

To get a taste of just how important security is to regulatory compliance, Craig S. Smith, director of channel sales for TriGeo Network Security, explains some of the specifics required by the Control Objectives of Sarbanes-Oxley (COSO). "Building an effective IT security infrastructure reduces the risk of unauthorized access. Improving security can reduce the risk of processing unauthorized transactions and generating inaccurate reports and can ensure a reduction of the unavailability of key systems if applications and IT infrastructure components have been compromised. The IT Governance Institute's IT Control Objectives document, which provides specific recommendations based on COSO, specifically identifies the need for security monitoring control. The document states, ‘IT security administration monitors and logs security activity, and identified security violations are reported to senior management.' These guidelines emphasize that compliance goes beyond check boxes," says Smith.