Achieving and maintaining compliance with Sarbanes-Oxley
(SOX) remains high on the list of tasks for IT departments,
which continue to invest tremendous effort and resources to
meet the act's stringent data security requirements.
Section 404 of SOX requires all public companies to assess
and report on the effectiveness of internal controls and procedures
for financial reporting, including access and dissemination
of sensitive financial information.
The growing popularity of mobile technologies has created
new challenges for SOX compliance. Traditional perimeter-focused
security solutions are no longer sufficient to prevent data
leakage or comply with data security and privacy standards.
Safend Auditor and Protector are designed
from the ground up to help large organizations meet the challenges
of SOX in a timely, cost-effective manner. Safend provides enterprises
with the tools to identify and limit data leakage through physical,
wireless and storage interfaces, including a full audit trail.
Based on the four principles behind the most commonly used
SOX compliance framework - the Control Objectives for Information
and related Technology (CobiT) - Safend solutions help organizations:
- Plan and Organize
CobiT requires organizations to initially perform an assessment
of existing infrastructure to determine strengths and weaknesses.
Safend Auditor allows system administrators to collect information
from each endpoint, delivering comprehensive data about
which devices, ports and connections are being used or were
used in the past.
- Acquire and Implement
Once the SOX compliance plan has been developed,
Safend allows administrators to easily create comprehensive
and granular endpoint security policies. Policies are exported
directly to Active Directory as Group Policy Objects (GPOs),
ready to be assigned to relevant Organizational Units (OUs)
and silently installed on clients. Within hours, Safend
is protecting sensitive information and fulfilling critical
requirements of the organization’s SOX compliance strategy.
- Deliver and Support
Bringing and keeping solutions in line with security and
business objectives, while still maintaining compliance,
is an ongoing challenge. To this end, Safend supports:
Access rights management - Leveraging either explicitly-defined
user accounts, or imported accounts from existing management
systems, Safend defines access rights at the individual
user level - restricting both access to information and
data transfers to external devices, including removable
storage and wireless connections.
Information usage monitoring – Safend Auditor queries
all organizational endpoints, locating and documenting all
devices that are or have been connected. Safend Protector
reports the attachment of unauthorized devices, monitors
the information flow in accordance with access policies,
and alerts administrators to attempted violations, while
logging comprehensively for a complete audit trail.
Protection against threats - Safend mitigates the
threat of data leakage by controlling access to every endpoint
and every device, over every network or interface. Safend
monitors real-time traffic and applies customized, highly granular
security policies over all physical, wireless and removable
storage interfaces – detecting and restricting access to
devices by device type, model or even device-specific serial
number. Safend can further ensure that data is secure by
encrypting any data written to removable storage devices,
or by enforcing the use of hardware-encrypted flash drives
only.
- Monitor and Evaluate
To continuously monitor and evaluate system performance,
Safend Protector logs and audits a wide variety of information,
including:
Client logs – track the connection of a detachable
device to a computer, tampering attempts, etc.
File logs – provide file information for removable
storage devices, external hard drives or CD/DVD.
Server logs – provide information about the Management
Server and administrative actions.