BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

The Cost Of SOX Is Declining?

Post by Peter McCalister June 30, 2011

No, I’m not talking about socks that protect your feet, I’m talking about the government regulation that most of you are worried about. Protiviti just released a new study on the effectiveness and costs of Sarbanes-Oxley compliance with a number of interesting insights for IT managers who are concerned about the effectiveness and costs of their IT controls. The overall results are encouraging.

According to Protiviti’s 2011 Sarbanes-Oxley Compliance Survey, the cost of SOX compliance is declining and most participant believe the benefits of the controls outweigh the costs. Now I am little skeptical that all of the companies surveyed are including the full impact of SOX controls on IT costs, especially since less than 50% track and report the hours and costs of compliance. I suspect some companies have just gotten comfortable that some of the activities they added are just part of a new normal. Sort of like the metaphor of a slowly boiling frog not jumping out of the pot.

Nevertheless, the way companies are approaching the continuous improvement in their SOX controls is telling. They are simultaneously reducing costs and increasing the effectiveness and efficiency of operations by following a number of key strategies:

-Using the COSA framework to define best practices. COBIT would provide a similar framework for IT
-Increase use automated controls and continuous monitoring including a shift to preventative rather than detective controls
-Use of data mining and analytics to increase understanding of process performance
-Consolidating IT processes, platforms and systems

These are all things IT can embrace and as a strategic vendor of compliance and security solutions to the enterprise, things we should and can help our customers with. Implementing least privilege across physical, virtual and cloud-computing environments can also add to this savings.

Leave a Reply

Additional articles

Vulnerability Expert Forum Highlights: April 2014

We had a great turnout for last week’s April 2014 Vulnerability Expert Forum (VEF) webcast. BeyondTrust Research experts, Carter and DJ, provided in-depth knowledge about the latest vulnerabilities and their potential impacts on network environments. Below are highlights from the Forum, plus an on-demand video of the presentation. Latest critical vulnerabilities, vendor patches, and zero-day…

Post by Chris Burd April 16, 2014
Tags:
, , , , ,
BI-5.1-user-asset-visibility-img

Understanding Who Has Access to What with BeyondInsight v5.1

Today, it’s my pleasure to introduce you to BeyondInsight version 5.1, the latest release of our IT Risk Management platform, which unifies several of our solutions for Privileged Account Management and Vulnerability Management. BeyondInsight v5.1 embodies BeyondTrust’s mission to give our customers the visibility they need to make smart decisions and reduce risk to their…

Post by Morey Haber April 15, 2014
Tags:
, , , , , , , , , , , ,

PowerBroker for Unix & Linux Now Available via Web Services

This week BeyondTrust released a fully functional Web Services interface (REST API) for its PowerBroker for Unix & Linux product.  With this new feature users of the solution will now be able to remotely and securely configure and retrieve data via the API.  The Web Services interface implemented by BeyondTrust is an industry standard that…

Post by Paul Harper April 10, 2014
Tags:
, , , , ,