FastFacts
Achieving Compliance
Regulations Spark Move Toward Tight Data Control
In the wake of massive financial scandals and rising incidences
of identity and data theft that have compromised the privacy of
millions, many federal, state, and industry regulations have been
crafted with the aim of protecting sensitive data and imposing
transparency on corporate accounting practices.
Among the many regulatory acts are:
• The Sarbanes-Oxley Act, governing accounting practices at
public companies
• The Gramm-Leach-Bliley Act, which imposes strict privacy
controls on financial information
• HIPAA (the Health Insurance Portability and Accountability Act),
which sets standards for security and privacy of medical records
• The Payment Card Industry Data Security Standard (PCI-DSS), which
imposes security requirements on all credit and debit transactions
Companies considering investments in compliance-related technologies must consider the consequences of violations and the
operational benefits that come with improved data management.
FAST MARKET FACTS
In the last several years, companies have been spending heavily
on achieving compliance with these regulations, and the IT department is becoming the focus of compliance initiatives because of
its ability to manage data access activities across the enterprise.
• According to the Identity Theft Resource Center, the number of
public breaches reported by late August 2008 exceeded the
number of breaches reported in all of 2007. (September 2008)
• AMR Research announced that companies will spend more
than $32 billion on governance, risk management, and compliance in 2008—an increase of 7.4 percent over 2007. Spending
on Sarbanes-Oxley (SOX) compliance is expected to reach $6.2
billion. (March 2008)
• More than half of the retail-industry IT decision-makers participating in IHL Consulting Group’s 2008 Store Systems Study cited
compliance with PCI-DSS as their top priority. (January 2008)
Bringing Top Management Aboard
Achieving compliance brings substantial benefits in terms of
data governance and management oversight. As concerns about
privacy, data security, and risk management grow, compliance is
becoming the purview of top management, and IT departments
must work closely with their business counterparts to ensure full
protection. In fact, Dr. Leslie Willcocks, professor in technology
work and globalization at the London School of Economics, says,
“The management of strategic risk and regulatory compliance
must reside at the board level.” (Baseline, September 2008)
• In a recent report on governance and risk management,
industry expert Faisal Hoque writes, “The strategic importance
of information and the nature of current business technologies have raised the stakes regarding the privacy, security and
confidentiality of information. In particular, there is heightened sensitivity to safeguarding not just sensitive corporate
transaction data, but also data about customers, employees
and business partners.”
• Hoque adds that in order to get a comprehensive understanding of compliance costs, companies must consider:
– Prevailing regulations
– Managing data in conformance with the regulations and
stakeholder expectations
– The cost of responding to the compliance expectations
– Alerting stakeholders about incidents of unauthorized access
– Providing the affected stakeholders with assistance
– The potential for economic sanctions and the threats to
business continuity due to noncompliance
(Baseline, September 2008)
CDW as Your Technology Partner
In order to implement a fully compliant data and IT infrastructure,
companies must ensure that they have adequate storage capacity,
security measures, and access control policies in place to protect
information integrity and ensure that all activities are monitored,
vetted, and logged for future audit availability.
CDW offers the hardware, software, and services needed to meet
your organization’s regulatory responsibilities. CDW specialists
can assess your current strategy and help develop a solution that
protects your organization from liability and enables you to reap
the operational benefits of regulatory compliance.
PCI-DSS compliance efforts ramping up
• No Strategy Planned, 5%
• Formulating Compliance Strategy, 11%
• Already 100% Compliant, 33%
• Currently Implementing, 51%
In a May 2008 survey conducted by Ziff Davis Enterprise and The Strategy Group,
one-third of respondents said they were already compliant with the Payment Card
Industry’s Data Security Standard, around half are working on it, and another 11
percent are planning their strategy. Ninety percent of those not yet compliant plan
to implement their compliance initiative within the next few quarters.
CDW provides trend advisories, case studies, and white papers about
security and compliance solutions and their impact on business. Contact
your account manager today by calling 800-800-4CDW or visit CDW.com.