Bandages Don’t Work for SOX Compliance
Dennis Brewer made some insightful statements in his article “Making the most of the extended SOX deadline” on SearchSecurity.com. He said:
“In their haste to become compliant, organizations often apply bandage solutions to their IT infrastructure. Unfortunately, this approach may leave your organization supporting costly legacy hardware and older software applications that do not provide competitive advantages and may need to be replaced as compliance requirements increase.”
“… Essentially all compliance criteria points to a principle of IT control granularity that is capable of linking any one person or digital identity to any single piece of data; or the converse, to deny access rights to all others. Group and role access control models still present value, but only for data access where fixing individual responsibility is irrelevant.” (my italics)
“… Replacing dated programs and using modern database applications that interact well with LDAP directories and interface with identity management and identity provisioning technology may be the only path to compliance over the long run.”
Tags: Identity, Digital Identity, Identity Management, SOX, Compliance
Interfacing with identity management and identity provisioning technology may require a certain vendor to start thinking about creating a “reference architecture” around doing so…
Comment by James on January 6, 2006 at 4:23 am