Compliance
  Governance
  Risk-Management
  Security
Roundtable
< Back

What is the single most challenging Sarbanes-Oxley issue today?



Jim Pflaging
President and CEO
SenSage

Sarbanes-Oxley mandates financial accuracy and disclosures on a level unprecedented in history. To ensure compliance, entities must be able to collect, retain and review a veritable tidal wave of information. Storing and managing the large volume of data from all devices, applications, and systems on a network is key to ensuring the ability to identify and research violations and is the most significant challenge of complying with Sarbanes-Oxley.

Just a few short years ago, most companies felt that their greatest risk of information leakage and misuse was from outsiders. As such, early investments were in devices and systems to protect the perimeter. However, the damaging leaks and distortions of financial information that led to the passing of Sarbanes-Oxley were, in fact, violations by insiders. The need to track the actions of users inside a company has greatly increased the amount of data that entities must collect to ensure a complete view of all activity. After all, insiders have valid passwords, don't get stopped by firewalls, and usually have a legitimate reason to be accessing company information.

While companies must establish policies and procedures regarding access to data, the more challenging task is enforcing these rules systematically and ensuring the ability to track and research violations. The stakes are high for executives as they must ensure not only their ability to verify the accuracy and protect access to financial data within their company, they must make certain that partners and auditors can do the same.

The nature of the information needed to demonstrate the veracity and security of financial information is data that records access to key systems and files. At its most basic level, this data is the raw log files from devices, systems, and applications. Entities must collect these on-going records and maintain them online for months and even years in order to be able to fully trace leakages and determine the full extent of them. With log files a company can provide court-admissable records of exactly who accessed specific data, when they accessed it, and what else they did with it.

A comprehensive log management platform designed to effectively collect, retain, and analyze individual logs can help integrate the worlds of accounting and information technology in accordance with the mandates of Sarbanes-Oxley. SenSage is the leader in enterprise log data management. The company's SenSage product directly addresses the growing threat from insider abuse, intellectual property leakage and the strict compliance audit verifications required by legislative mandates. SenSage's unique compression technology facilitates the online storage of massive volumes of log data for long periods of time and enables rapid querying, ensuring better visibility into security threats and adherence to compliance mandates.




About Us Editorial

© 2017 Simplex Knowledge Company. All Rights Reserved.   |   TERMS OF USE  |   PRIVACY POLICY