Toronto — Regulatory compliance continues to be a hot button issue for small businesses right up to large enterprises. Vendors and resellers are now trying to tackle this issue by marrying business efficiencies with the business need of compliance.
Currently the market is faced with regulatory
pressures from the American Sarbanes-Oxley act to the Canada’s PIPEDA. On top of that, internal desktop data security policies may come into play.
Chris Mak, IT Specialist, for IBM Canada’s System/Storage group, suggested that regulatory compliance should be integrated into overall business efficiency solution. “”Compliance is an expensive proposition just to keep your CEO or CFO out of jail,”” he said.
Dean Williams, corporate services specialist for SoftChoice, a Toronto-based VAR, concurs that marrying compliance with business efficiencies is a new go to market approach for compliance.
Currently businesses, especially smaller business are uncertain on where to begin, Williams said.
SoftChoice has developed Live-Inventory TechCheck on Asset Metrix, a solution that enables customers to audit all software and hardware no matter if it is on Windows or Linux.
Besides the TechCheck solution, Williams advises companies must look at their current IT state first. “”It is an essential first step,”” Williams said. “”The first step is knowing if you are close enough to take that next step towards adhering to a policy.””
Companies should take a past, present and future angle toward policy compliance, Williams added:
Past: Have current policies resulted in any exposure that needs to be rectified?
Present: Do you understand what you have? Do you understand which user falls under which policy? How well are people complying? Is the policy a realistic one?
Future: How far away is the company to compliance and where does it have to go to reach this goal?
Kevin Krempulac, channel manager for Symantec Canada believes security and regulatory compliance are tied to four key drivers: Blended threats, proactive security, wireless and regulation with security compliance.
Chris Devlin, channel partner advocacy manager for Computer Associates, said sometimes software compliance is a matter of “”peace of mind.””
Last year, he said, the top 10 vendors released 35,000 patch updates. “”It’s hard to manage that many changes and it is a mammoth task. Asset management should be at the core,”” he said.
Another concern is legal. Solution providers must be up to speed on acts such as Sarbanes-Oxley and PIPEDA. Williams recommends firms consult with a the company lawyer before starting any project.