Sarbanes Oxley Compliance Journal on Ulitzer

Top Stories

New Media on Ulitzer Topic A at the recent Securities Industry and Financial Markets Association Annual Meeting (SIFMA) was what to do about the fastest-growing communications phenomenon since the invention of the Internet: the explosion in social networking. Whenever compliance and communications come together there is sure to be a tussle and this meeting was no different. Chairman and CEO Rick Ketchum cited the current policy as “currently constructed, these sites would not permit you to easily supervise these communications. For that reason, most firms prohibit their employees from using these sites for their business.” Still, trying to hold back the social media communications tsunami is not likely to last. The cost of not communicating to advisors and clients through their preferred vehicles does not make a lot of long-term business sense. Mr. Ketchum readily a... (more)

ActiveState Launches Business Edition

Open Source Journal on Ulitzer ActiveState, the dynamic languages experts, today launched ActiveState Business Edition, commercial-grade language distributions for Perl, Python and Tcl, providing organizations open source compliance, commercial support, and cross-platform access. "ActiveState has been a leading contributor in the open source community for years," said Bart Copeland, President and CEO, ActiveState. "With the launch of Business Edition, we can help companies deploying Perl, Python and Tcl in their business-critical applications, ensure open source policy compliance, minimize downtime and accelerate productivity cost-effectively. ActiveState's deep technical expertise is focused on keeping client systems, powered by dynamic languages, running smoothly, and making sure clients are in compliance with their open source policies." ActiveState Business Edi... (more)

VMware’s OpenStack Hook-up: Analysis & Comments

VMware has applied to join the OpenStack Foundation, potentially giving the burgeoning open source cloud stack movement a huge dose of credibility in the enterprise. There are risks to the community in VMware’s involvement, of course, but on the balance this could be a pivotal event. There is an alternative explanation, which I will hit at the end, but it’s a pretty exciting development no matter VMware’s true motivations. VMware has been the leading actor for cloud computing in the enterprise. Most “private clouds” today run vSphere, and many service providers have used their VMware capabilities to woo corporate IT managers. While the mass-market providers like Amazon and Rackspace are built on open source hypervisors (typically Xen though KVM is becoming more important), the enterprise cloud is still an ESXi hypervisor stronghold. Soapbox Rant: Despite the fact th... (more)

Master Cloud Encryption Keys: The Heat Is On

Earlier this month, we discussed the effect of NSA Leaker, Edward Snowden and the Prism Scandal on the future of cloud security.  We asked (and answered) the question: What level of paranoia is justified in the wake of PRISM?  But it seems the scandal just grows and grows. We now hear that the Feds put heat on Web firms for master cloud encryption keys. It is unclear whether US authorities have the legal clout to obtain the master encryption keys that Cloud Providers use to shield customer data.  However, it is crystal clear that the government wants this right.  As the ripple effect of the scandal continues, we find ourselves being asked by customers: how do we make sure our keys are protected so that we can make sure our data is protected? Cloud Security is special because Cloud Economics are special: if anyone (whether a commercial interest or the government) can ... (more)

Continuous Delivery Adoption Rates Soar According to Study Commissioned by Perforce Software

Independent Survey Shows Practice has Grown Beyond Software-as-a-Service (SaaS) Companies, Becoming the New Normal for Software Development across Business Types WOKINGHAM, UK, January 28, 2014 - Perforce Software today announced research findings on Continuous Delivery showing higher-than-anticipated adoption rates across industries and types of end products. Driven by consumer demands for rapid innovation and already practiced by many SaaS companies, Continuous Delivery is a methodology that automates and streamlines development and speeds up the release lifecycle. "Constant, ongoing, business-driven change is expediting the growth of Continuous Delivery practices across multiple industry verticals," said Julie Craig, research director at Enterprise Management Associates. "Software code is being developed in smaller increments, released more often, and deployed ... (more)

HP to Provide HP Helion Cloud Services in China

PALO ALTO, CA -- (Marketwired) -- 08/21/14 -- HP (NYSE: HPQ) today announced it has signed an agreement with Beijing UnionRead Information Technology Ltd., a leading content distribution network service provider and hybrid cloud operator, to build and operate community clouds for enterprise customers in China. UnionRead will be the first service provider in China to deploy HP Helion solutions based on OpenStack® technology since HP introduced the HP Helion portfolio earlier this year. The agreement is a significant step that will enable HP to meet customers' growing demand for cloud services in one of the fastest-growing cloud markets in the world and demonstrates momentum for the HP Helion portfolio. A community cloud offers an infrastructure that is shared between multiple organizations with common interests, for example, vertical industries or geographies that ... (more)

Bomgar Named to the 2014 Inc. 500|5000 List of Fastest-Growing Companies

Bomgar, the leader in enterprise remote support solutions, announced today that it’s been named to the 2014 Inc. 500|5000, an exclusive ranking of the nation’s fastest-growing private companies. Bomgar ranked No. 4072 on the 33rd annual list, its sixth consecutive year on the Inc. 5000, and achieved a three-year growth rate of 73 percent. Bomgar’s remote support solutions offer the security, integration and management capabilities support organizations need to increase productivity, while also improving compliance and customer satisfaction. Using Bomgar, technicians can chat with an end-user, remotely view and control computing systems and devices, and collaborate with other technicians or external vendors to resolve issues. Bomgar also enables organizations to securely manage remote access to their network by third-parties, outsourcers and vendors. “It’s an honor... (more)

"Information Risk": A New Approach to Information Technology Security

Understanding the potential benefits and risks of information technology (IT) - particularly information security - has become a mission-critical imperative for today's business leaders. Cyber-attacks, computer abuse, privacy issues, identity theft, and fraud have not only raised the level of corporate awareness, but also ushered in a new wave of regulatory requirements. Cyber-threats and new regulations can both lead to serious consequences for the company and its leadership. Company executives need to recognize that threats are not simply a technology issue, but have become a serious concern for the enterprise. Addressing information risk and security at an enterprise level requires an approach that cuts across people, processes, and technology. Many companies have invested heavily in security technology solutions, but have not made similar levels of investment i... (more)

SenSage Identifies Critical Security Information Management Shortcomings

SenSage, Inc., the leading provider of enterprise security analytics, today released a white paper entitled, "The Event Analysis and Retention Dilemma," which identifies significant security data information management deficiencies that can compromise an organization's compliance with regulations such as Sarbanes-Oxley, HIPAA, FFIEC and data privacy. Corporations must demonstrate corporate governance, security due process and adherence to regulatory compliance to their auditors, shareholders, partners and customers.  Compliance requires consistent security monitoring, full incident investigation and long-term data retention -- in some cases over seven years.  Half of reported incidents are perpetrated internally and cause the most financial damage.  Collecting and retaining application and security event information is critical to identifying sources of insider abu... (more)

Cloud Computing Challenges and the Balance Between Risks and Benefits

In the previous article we looked at some Cloud Security Advantages. Now let's look at some Cloud Challenges.

Cloud Challenges
• Trusting vendor’s security model
• Customer inability to respond to audit findings
• Obtaining support for investigations
• Indirect administrator accountability
• Proprietary implementations can’t be examined
• Loss of physical control; Data dispersal and international privacy laws
• Need for isolation management
• Multi-tenancy
• Logging challenges
• Data ownership issues
• Quality of service guarantees
• Dependence on secure hypervisors
• Attraction to hackers (high value target)
• Possibility for massive outages
• Encryption needs for cloud computing

Let's look deeper into a few of the major concerns. How can you be sure your Data is Safe? Data safety in the cloud is not a trivial concern. Some online storage vendors such as The Linkup and Carbonite h... (more)

Cloud Computing and Virtualization Expo Show Report

Virtualization at Cloud Expo I remember back-in-the-day when Virtual meant ‘almost,’ ‘simulated’ or ‘in essence’ as in, ‘I’m virtually there.’  Today, as it has made its way into computer terminology, it can mean actual or real things that are done over computers. Virtualization has been the main enabler of Cloud Computing and has become an important tool for IT. I recently attended the 2009 Cloud Computing and Virtualization Conference & Expo in Silicon Valley and wanted to share some of my observations. The show has certainly grown from last year but is still a nice small(er) conference with a lot of opportunity for good conversations. Cloud ‘solutions’ seemed to dominate the talks even though there is still a lot of confusion about the Cloud with a good portion of participants appearing to be in the investigative/learning stage. Many of the attendees were still jus... (more)