IT Governance
Enforcing Corporate Management Ethics and Data Privacy throughout the Enterprise
The Sarbanes-Oxley (SOX) Act, passed in 2002, has had a huge impact on how enterprises are managed. The Act requires enterprises to change their business processes to assure the integrity of their financial data. It was enacted in response to numerous accounting frauds by enterprise top management that drew public attention worldwide.
"With the sole exception of the war on terrorism, no issue dominates current thought more than the corporate and accountancy ethical scandals which have rocked our country"
Sarbanes-Oxley Requirements
Section 103
"an evaluation of whether such internal control structure and procedures... include maintenance of records that in reasonable detail accurately and fairly reflect the transactions and dispositions of the assets of the issuer... [and] provide reasonable assurance that transactions are recorded as necessary."
Section 302
"the signing officers have disclosed... all significant deficiencies in the design or operation of internal controls which could adversely affect the issuer's ability to record, process, summarize, and report financial data and have identified for the issuer's auditors any material weaknesses in internal controls; and any fraud, whether or not material, that involves management or other employees who have a significant role in the issuer's internal controls."
Section 404
"each annual report... contain an internal control report, which shall... contain an assessment... of the effectiveness of the internal control structure and procedures of the issuer for financial reporting."
The Security Challenge
Sarbanes-Oxley and related privacy legislation mandate that enterprises protect the interests of investors and consumers through effective IT and corporate governance. To ensure data integrity, traditional solutions rely on audit trails and logging, which are exhaustive but cannot prevent deliberate alteration. Audit trails are resource-expensive and relatively unsafe, since the audit logs themselves can be tampered with, leaving no trace of the unauthorized act.
To protect data from unwanted disclosure, one might suggest access control to block unauthorized users from reading sensitive data. However, administrators and operators with superuser privileges have full access to every system resource, even resources they do not own. Access control means nothing to these privileged users.
Existing security measures cannot protect data from alteration. Statistics show that private enterprises increase their investment in data security by 30% yearly; however, the number of data security incidents grows at the same rate, if not faster [CERT, IDC, RBCCM 2002].
PricewaterhouseCoopers reported that 50-80% of data attacks come from company insiders. The 2002 CSI/FBI investigation showed that insider attacks caused the industry monetary losses of more than USD 50 million.
Command-line encryption utilities only work on offline archives rather than processing live data on the fly. They require much manual operation by administrators and, in the end, are still unsafe. Volume protection is transparent, but it is limited to direct-attached storage and does not scale for enterprise use.
Bloombase Solution
Bloombase created the Bloombase Security Platform to address the compliance requirements of Sarbanes-Oxley and maximize IT governance in corporations. Bloombase security appliances protect encryption and digital signing keys inside a hardware security module (HSM) against disclosure and duplication. Bloombase software appliances encrypt data with NIST-certified AES, 3DES and DES cryptographic algorithms and create digital signatures to assure data integrity using international standards including Public Key Infrastructure (PKI), X.509 digital certificates and W3C XML Digital Signature.
Data Integrity
The Bloombase SOA appliance signs financial documents and archives with digital certificates. A digital signature provides evidence of any alteration of the signed data. Bloombase SOA signs plain data, data files, XML, emails and Adobe PDF files. The Bloombase SOA appliance detects data changes by verifying the previously generated signature value and message digest against the signer's digital certificate. Corporations gain assurance over financial data archives and a guarantee of data integrity by using Bloombase SOA.
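As an added illustration (not Bloombase's own code), the following Go program shows the integrity check described above: a general-ledger entry is signed, and verification against the signer's public key succeeds for the archived bytes and fails once a single digit of the amount is changed. The ledger line and the in-memory RSA key are constructed for the demonstration; in the appliance the private key would stay inside the HSM and verifiers would hold only the X.509 certificate.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignRecord signs the SHA-256 digest of a record with RSA PKCS#1 v1.5.
// In the appliance the private key would stay inside the HSM (assumption: in-memory key here).
func SignRecord(priv *rsa.PrivateKey, record []byte) ([]byte, error) {
	digest := sha256.Sum256(record)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// VerifyRecord recomputes the digest of the archived record and checks the stored
// signature against the signer's public key (as carried in an X.509 certificate).
func VerifyRecord(pub *rsa.PublicKey, record, sig []byte) bool {
	digest := sha256.Sum256(record)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// IntegrityCheck signs a constructed general-ledger entry, then verifies the
// original and a copy with one digit of the amount altered.
// It returns (originalValid, tamperedValid).
func IntegrityCheck() (bool, bool, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	original := []byte("2002-12-31,GL-4010,Revenue,1000000.00") // constructed sample line
	tampered := []byte("2002-12-31,GL-4010,Revenue,1900000.00") // same line, amount changed
	sig, err := SignRecord(priv, original)
	if err != nil {
		return false, false, err
	}
	pub := &priv.PublicKey // the verifier needs only the public half
	return VerifyRecord(pub, original, sig), VerifyRecord(pub, tampered, sig), nil
}

func main() {
	ok, bad, err := IntegrityCheck()
	if err != nil {
		panic(err)
	}
	fmt.Printf("original verifies: %v, tampered verifies: %v\n", ok, bad)
}
```

Because only the public key is needed to verify, an auditor can check an archive without ever touching the signing key, which is what lets the check hold even against operators with superuser access to the archive itself.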
Data Confidentiality and Change Resistance
Bloombase StoreSafe protects storage data with strong encryption. Encrypted data appears as garbage and meaningless information to unauthorized users. Intruders would have to spend tremendous effort to undo the encryption, which is considered technically infeasible. Seeing confidential data appear as corrupted information, trespassers and casual crackers immediately lose interest and turn to other plain data. Disappointment and frustration are the best weapons against hackers, who seek fun and do not like spending time on difficult tasks.
Application Transparency
Bloombase software appliances are network-based hardware that fit easily into any enterprise system without disrupting the existing computing infrastructure. Bloombase operates as a network black box transferring data between the components of a system. Bloombase inspects network packets for plain data and encrypts it before forwarding it to the data's original destination. As encrypted data passes back through Bloombase, the Bloombase Cryptographic Engine (SCE) immediately decrypts it and delivers plain data to the next hop. Bloombase guarantees zero-downtime deployment and works transparently under the covers without intervention from applications or users.
No Single Point of Failure
Mission-critical systems require an extra-high level of service availability. To cope with ever-increasing storage and demanding customer service requirements, Bloombase software appliances are prepared for mission-critical use as well. Bloombase software appliances are high availability (HA) ready. Corporations can multiplex Bloombase instances to run in a cluster; failure of any single Bloombase software appliance will not affect the service of the entire cluster. Bloombase software appliances are built with failover and non-stop operation in mind: redundant cooling fans, redundant hot-swappable power supplies and multiple network and storage interfaces.
Effective Compliance
To address Sarbanes-Oxley and numerous other IT governance compliance requirements, enterprises should act immediately to secure their financial data and other information archives. Bloombase Security Platform provides a cost-effective, scalable and secure solution to protect these invaluable corporate assets from unwanted alteration.
For more information, contact us