Sarbanes Oxley Compliance Journal on Ulitzer

Sarbanes Oxley on Ulitzer

Subscribe to Sarbanes Oxley on Ulitzer: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Sarbanes Oxley on Ulitzer: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Top Stories

SAN FRANCISCO, Aug. 28, 2012 /PRNewswire/ -- VMworld -- News Summary: New EMC Storage Resource Management (SRM) Suite delivers one of the industry's most comprehensive application-to-storage management, for common insight into service level management, priorities and tasks as customers build their cloud infrastructure. The SRM Suite combines EMC ProSphere, EMC Storage Configuration Advisor, and recently acquired EMC Watch4net into a single, easily consumable monitoring and reporting package that offers performance, capacity and configuration management at scale for EMC and select third party storage arrays for both file and block. Follow EMC at VMworld: EMC Community Network: To view everything EMC at VMworld, visit  Twitter: For continuous news and event updates for EMC at VMworld, follow EMC on Twitter at @CloudEMC and @EMCCorp ... (more)

OpenPages Reduces Cost of Sarbanes-Oxley Compliance With Advanced Automation Capabilities

WALTHAM, MA -- (MARKET WIRE) -- 08/15/05 -- OpenPages, the leading provider of enterprise governance, risk and compliance management (GRCM) solutions, in conjunction with Greenlight Technologies, today announced new capabilities for SOX Express that provide OpenPages customers the ability to fully automate many manually intensive IT controls commonly required for Sarbanes-Oxley compliance. Available immediately from Greenlight Technologies, Greenlight Control Automation for SOX Express provides companies with more than 1,500 control automations for leading enterprise applications including Oracle, SAP and Peoplesoft. "OpenPages strives to help its customers continue to reduce the cost burdens of Sarbanes-Oxley compliance," said Peter Morgan, vice president of marketing at OpenPages. "In partnership with Greenlight, OpenPages is providing its customers new facilitie... (more)

Integration Concerns No Barrier to Enterprise Cloud Adoption

Study from Mimecast Finds that Security and Integration Concerns are not Preventing Enterprises' Cloud Computing Adoption London - February 4, 2010 - Mimecast®, a holistic email management company offering SaaS-based email archiving, continuity, security and policy control, today announced the results of its Cloud Computing Adoption Survey, which examined the perception and adoption of cloud computing solutions among 565 respondents responsible for managing their organization's IT operations and budget across the U.S. and Canada in the Fall of 2009. Data from the recently completed online survey highlights the complex, often contrasting, thought process of IT decision makers regarding cloud computing. While security and integration issues are clearly users' biggest fears about cloud computing, these concerns have not dissuaded companies from implementing cloud-based... (more)

NaviSite Introduces Cloud-Based Desktop-as-a-Service

"Cloud is changing the way enterprises view the corporate desktop," said  Denis Martin, Executive Vice President and CTO at NaviSite introduced an enterprise-class, cloud-based Desktop-as-a-Services (DaaS) offering that enables IT organizations to deliver virtual desktop services to local and remote users from the cloud. "DaaS leverages the scale, simplicity and economics of the NaviCloud to deploy desktops across the enterprise," Martin continued, adding: "Enterprises can now rapidly provision a secure virtual desktop for users that can be accessed on any device, anywhere without the upfront costs and complexity of traditional desktops while adhering to corporate security and compliance policies. Additionally, most companies rarely have a disaster recovery plan for data maintained on traditional desktop solutions, but cloud-based DaaS offers centralised, built-in bu... (more)

Dell Announces Private Cloud Built on OpenStack

“This year we’ve seen enterprises turn increasingly to Dell Services to help modernize and adapt their IT environments to manage the growing challenges and opportunities presented by these disruptive forces," said Suresh Vaswani, president, Dell Services, as Dell's CEO Michael Dell used his keynote at this year’s Dell World conference in Austin, Texas to unveil a technical preview of its private cloud. Customers from small businesses to large enterprises, across geographies and industries, selected Dell Services in 2012 to help transform IT and solve business problems, Vaswani explained. "With industrialized service offerings that make it simple for customers to receive the level of service that’s right for them, Dell Services offers consulting services and end-to-end capabilities that empower IT to achieve cost savings, growth and innovation," he added. “At Dell Wo... (more)

COTS Cloud security reference design and related NIST workshop

By RyanKamauff Since the beginning of the modern Cloud movement (which we trace to November 2006 — see here if you want to know why) technologists have been seeking ways to mitigate key risks. Top on our list include 1) The increased risk due to multi-tenancy 2) The mission needs of availability (including the need for always available path to resources) 3) New and at times nuanced challenges regarding data confidentiality 4) New challenges regarding integrity of data. There are many other policy related risks that planners must consider, including how to establish the best user authentication methods and how to ensure compliance with regulations and laws of the geography that holds the data. But for a technologist, the four above are a continual concern, and if those technical concerns are mitigated it makes other concerns so much easier to deal with. That is why ... (more)

New PCI DSS Cloud Computing Guidelines – Are You Compliant?

This month the Cloud SIG of the PCI Security Standards Council released supplemental guidelines covering cloud computing. We’re happy to see APIs included as a recognized attack surface.  As this document makes clear, responsibility for compliance for cloud-hosted data and services is shared between the client and the provider.  API providers moving to the cloud should pay close attention to this document:  Section 6.5.5 covers Security of Interfaces and APIs, while Appendix D covers implementation considerations that include API-related topics.  For cloud-hosted systems, an API gateway can simplify implementation, secure PII and PAN data in motion, provide compliance and ensure auditability in these areas. The last paragraph of Section 6.5.5 reads: APIs and other public interfaces should be designed to prevent both accidental misuse and malicious attempts to bypas... (more)

Private Cloud Is Not a Euphemism for Managing Hardware

As with every technology, definitions almost immediately become muddled when it becomes apparent that the technology is going to "change the world." SDN is currently suffering from this  phenomenon and it appears that cloud continues to suffer from it. Let me present Exhibit AAAA: Which Cloud Delivery Model is Right for Your Business? Private clouds are great solutions for organizations looking to keep their hardware locally managed. The association of "private cloud" with "hardware" is misguided and, in most instances, just plain wrong. Organizations implementing or planning on implementing private cloud (or on-premise cloud) are not doing so because they can't bear to part with their hardware. What they can't bear to part with is control. Control over security, over performance, over availability. Control over data and access. Control over their own destiny. Privat... (more)

The HIPAA Final Rule and Staying Compliant in the Cloud

The HIPAA Omnibus Final Rule went into effect on March 26, 2013.  In order to stay compliant, the date for fulfilling the new rules is September 23, 2013, except for companies operating under existing “business associate agreements (BAA),” may be allowed an extension until September 23, 2014. As healthcare and patient data move to the cloud, HIPAA compliance issues follow.  With many vendors, consultants, internal and external IT departments at work, the question of who is responsible for compliance comes up quite often.  Not all organizations are equipped or experienced to meet the HIPAA compliance rules by themselves.  Due to the nature of the data and the privacy rules of patients, it is important to secure the data correctly the first time. HIPAA and the Cloud Do you have to build your own cloud HIPAA compliance solutions from scratch?  The short answer is no. ... (more)

Top Three Reasons to Switch to Cloud Data Security

Companies are increasingly moving their data security to the cloud. By the 2015, 10% of overall IT security enterprise product capabilities will be delivered in the cloud, according to a study conducted by Gartner. In fact, the cloud data security market is expected to reach $4.2 billion by 2016. Are there compelling reasons to move your own data security to the cloud? I am a firm believer that cloud security is a godsend to companies dealing with sensitive information, particularly small and medium sized enterprises (SMEs). Here are the top reasons to consider moving your data security to the cloud: 1. Security in the cloud reduces costs Many companies assume that the responsibility for data security can be delegated to an in-house IT specialist. But security requires significant expertise, and not every organization has it. In fact, an SME should not need to build... (more)

Agile Governance | @DevOpsSummit #Agile #DevOps #APM #Microservices

“Last year the decision was finally made to mandate Agile across our enterprise. The decision was taken, even though there were many unanswered questions. The assumption was that forcing the migration, along with adoption of popular “enterprise Agile methods” would ensure resolution of the outstanding questions. In practice, Agile methods have been very effective in delivering specific digital business initiatives. But almost inevitably the distribution and delegation of architecture has resulted in duplication, inconsistency and increased complexity, across all project types including legacy and new projects. We are now concerned that we no longer have an effective governance capability. The question is how do we fix this without losing the undoubted benefits of Agile methods?“ Enterprise Architect, F2000 company. Over the past few months I have heard this message ... (more)