Compliance Announcements Show Breadth of Concerns

Making sure an organization is compliant with government regulations is one of the most perplexing challenges in the IT industry. Some companies can't begin to guess how close they are to fulfilling all requirements; others may be fully compliant and not even know it.

It's safe to say the former is considerably larger than the latter. Last week, Input, a research group that studies government business, released a survey commissioned by CA that shows almost half of federal IT security executives lack a specific plan to help their agencies meet an October deadline for compliance with the Homeland Security Presidential Directive (HSPD-12).

The resolution mandates that all federal government employees and contractors be issued standardized Personal Identity Verification (PIV) cards by late October. But, according to the survey, almost half the respondents think the Office of Management and Budget (OMB), which issued the directive, hasn't been clear enough in laying out what agencies must do to comply with HSPD-12 in terms of security specifics or funding for the ID program. As a result, 56 percent of the respondents have no program or are only in the early implementation stages with just a few months left before the deadline.

Similar concerns exist in the private sector regarding how best to handle compliance issues, but everyone is aware of what a critical concern it has become.

"The number of people tuned into storage issues is growing; we see about 75 percent of our [security partners] working with storage now," says Glenn Groshans, Symantec's senior director of business opportunities and alliances. "People are tuned into the fact that they have to plug all their holes, and compliance is a huge driver of that."

In the spirit of attacking the problem from all sides, numerous vendors have made compliance-related announcements in recent days:

1 Last week, messaging security vendor CipherTrust, the global market leader in messaging security, unveiled the IronMail 6.5 gateway security appliance. It includes the Advanced Compliance Module and the Image Analysis Module, which offer category-based compliance optimized to reduce management costs by automatically "learning" which data is sensitive (obviating the need to build manual dictionaries), applying high-level rules for classes of content, enforcing role-based administration with compliance review interface and workflow capabilities, and analyzing 85 different image types and 200 file types of document formats.

1 Also last week, Lodestar announced that Version 4.50 of its Customer Choice Suite (CCS) offers Sarbanes-Oxley compliance via new auditing and versioning features, along with new performance enhancements.

1 This week, Blue Coat Systems combined its SG appliance with PortAuthority Technologies' Information Leak Prevention appliance to enable companies to reliably and accurately prevent information leaks over encrypted (SSL/HTTPS) and nonsecure Web communications (HTTP) and FTP. The new solution protects confidential information and meets regulatory compliance standards with a real-time solution for all network channels. Lockdown Networks also is expected to announce a Network Access Control architecture next week that features newly strengthened compliance functionality.

1 Finally, illustrating just how top-of-mind compliance has become, this week Brabeion Software named former PricewaterhouseCoopers director Steven Schlarman as its chief compliance strategist. In this "cabinet-level" position, Schlarman will report directly to Brabeion president and CEO Julian Waits.