
Compliance: Fear and loathing in 2004

By Shane O'Neill, Senior News Writer
29 Dec 2004 | SearchSecurity.com


This year, it's likely that IT managers would trade in all their holiday gifts to get the compliance grinches, I mean regulators, off their backs.

Compliance regulations such as the Health Insurance Portability and Accountability Act (HIPAA) for patient records and the Sarbanes-Oxley Act of 2002 (SOX) for financial records changed the way companies managed their data in 2004. Regulated companies spent a lot of time and money figuring out what data they had and what they needed to keep.

This led to confusion and anxiety because compliance language is not IT-specific and is better suited to lawyers and auditors. Many IT departments were left scratching their aching heads over compliance -- simply doing their best to manage, protect and archive their data.

But on the bright side, the effort to get compliant did help many IT departments put their shops in order and, in some cases, helped business and IT communicate better.

Here's a rundown of the top compliance-related news stories of the year.

Compliance -- a budget-buster in storage

The road to getting compliant was rocky in 2004 as users grew more and more impatient with vague and complicated rules, and were often confused about what products to buy.

In a SearchStorage.com poll in April, 51% of respondents said that "indecipherable rules and regulations" was their main compliance issue.

On the Nov. 15 deadline for SOX, companies were still uncertain if they were prepared, and were a little miffed at how much money they had to spend on compliance.

Vendors did their best to capitalize on this confusion throughout the year, introducing new compliance-related products for managing data.

Here are some of the big compliance-related storage acquisitions and product announcements that took place this year:

  • IBM introduced the all-in-one system TotalStorage Data Retention 450.
  • Hewlett-Packard Co. followed suit with archiving appliance Reference Information Storage System (RISS).
  • EMC Corp. and Sun Microsystems Inc. enhanced their hardware and software products for compliance.
  • Iron Mountain bought digital archiving company Connected Corp.
  • Veritas Software Corp. acquired e-mail archiving firm KVault Software Ltd. and discontinued its own Data Lifecycle Manager product.
  • AT&T became an e-mail outsourcer, joining other outsourcers such as Zantaz, Iron Mountain and BT Syntegra.

Compliance puts focus on entire security network

    SOX and HIPAA also had security managers under the gun in 2004 as they focused their efforts on protecting company records. As with storage, security managers were left befuddled by regulations that were vague and not IT specific, and spent most of the year determining what the violations were -- and how to avoid them.

    HIPAA was also a cause for stress and late nights for security managers. A common complaint at health care organizations was the lack of communication between IT and business. Experts say that this resulted in too much of the HIPAA responsibility being placed on IT departments.

    But overloaded IT departments equate to dollar signs for vendors. Because of compliance, managing the entire network -- rather than just fighting off threats -- became more of a priority in security. As a result, security vendors that offer command and control services, such as identity management, security event management and vulnerability assessments, experienced the most growth this year.

    Many companies were unconvinced that they could handle compliance tasks on their own and enlisted outside help from security companies. This was a trend in storage as well, with companies outsourcing the management and archiving of their e-mail.

    Compliance brings business and IT together

    But compliance didn't always breed contention between IT and business in 2004. It often did the opposite. Compliance regulations affected IT, records management and upper-level executives, and nothing brings people together better than a common problem.

    Compliance also gave IT a chance to shine. For the first time, the CEO's job and reputation depended on how well IT executed.

    Here's a list of stories on the IT/business relationship as it relates to compliance:

  • Survey shows SOX bringing IT, business together
  • CIOs, others bond over SOX
  • SOX auditor talks CIO accountability, red flags
  • Companies cry 'uncle' as compliance deadlines near
  • SOX Wars: CIOs share ideas, fears on Sarbanes-Oxley compliance

An ongoing challenge

    Companies are just getting used to compliance, so the learning curve for IT departments will continue in 2005. But for all the time, effort and money spent on compliance this year, it may have finally given IT what it has been craving for a long time -- respect.

    But IT will have to keep earning that respect because, unlike Y2K, compliance will not disappear after New Year's Eve.


