Poorly managed desktops and laptops expose companies to major compliance and
security problems. These devices, which are often left susceptible to both internal
and external threats, can lead to a loss of control over sensitive customer
information and massive losses in the cost of responding to the incident. Companies
face a slew of information security regulatory requirements under federal and
state laws such as GLBA, Sarbanes-Oxley (SOX), and HIPAA.
Given the current pressures to account for all aspects of a companys
critical information, effective desktop management capabilities are fast becoming
essential to meeting todays requirements. The question isnt whether
a company should deploy and maintain computers and related software applications
securely, but rather how it should do so.
The core tenets of information management compliance regulations can be broken
down into three categories: ensuring the confidentiality of sensitive information
(GLBA, PCI); protecting data integrity by eliminating unauthorized creation
or modification (SOX); and guaranteeing information availability during mandated
time periods (HIPAA).
Wondering if you're at risk of violating security compliance regulations? The
following "7 Signs" can help determine your compliance status and
develop a game plan to avoiding regulatory action.
1) You Struggle with the Ability to See and Manage Software Configurations.
Software vulnerabilities provide a method for hackers to gain access to protected
systems. Almost all regulations require that a software configuration management
solution is in place. Visibility into software configurations and the corresponding
ability to make automated changes allows software updates to be distributed
to remove any vulnerability inherent in installed software. Configuration management
systems should be able to accomplish the following:
- Asset discovery to guarantee all systems are identified together with their
- Software updates and patch distribution to non-compliant systems
- Record of all activities
- Roll back of any updates in case of incompatibility