Guide to Network Auditing and Compliance
Network auditing market moves to automation
By Denise Dubie
As enterprises take a more methodical approach to compliance, network auditing and compliance vendors are looking to make the job easier by automating more steps and improving the documentation features of their tools. Vendors continue to improve their products by adding fine-grained policy controls, measuring how often users follow policies and mapping reporting capabilities to specific regulatory requirements.
Companies ranging from governance newcomer Brabeion Software to management heavyweights CA and IBM to configuration player Solidcore have enabled their products to track compliance by adding support for detailed governance policies and continual monitoring.
Brabeion's software taps a library of content detailing the controls IT managers are required to provide to SOX auditors, for instance, and it also includes comprehensive information on control frameworks such as Control Objectives for Information and related Technology (COBIT). The company offers the ability to define role-based dashboards that provide comprehensive metrics, and track user policy acceptance and remediation efforts, among other things.
IBM conducted discussions with hundreds of CIOs to identify the compliance triggers IT executives deal with in their companies, such as the ability to quickly respond to a request for legal discovery. That feedback helps Big Blue instrument its technology to collect data relevant to such a request and develop a report that satisfies auditors. And it represents a vendor trend to move compliance efforts out of the silos of IT and across environments to address workflows that touch many IT domains and span the network.
"The practice of [governance, risk and compliance] has evolved from siloed applications, documents and spreadsheets to enterprise content management in order to manage compliance documentation," Forrester Research reports. "Now there is an increased focus on supporting GRC through the use of business process management, rules engines and automated compliance monitoring, as well as advanced analytics and dashboards."
Industry watchers warn that the features provided in such compliance management software can only address IT processes and policies as defined by the IT organization, which requires shops to maintain up-to-date and relevant compliance standards. Also, IT shops must continually work to align their compliance policies with their specific businesses. "Every industry is regulated now, and there isn't one product that provides compliance rules for all the regulations. Compliance requires ongoing process and policy improvements," says Burton Group's Mike Neuenschwander.