
Prat Moghe is the General Manager of the Data Compliance division of Netezza (NYSE: NZ). Previously, Prat was the Founder & CEO of Tizor, a data auditing company acquired by Netezza. 


Data Auditing Blog

Getting life back from compliance


James DeLuccia IV (http://pcidss.wordpress.com/2009/06/25/audits-of-the-future-must-enrich-and-enforce-your-it-strategy/) and I did a webcast this past week that covered an interesting theme of the year. The title was "Getting life back from compliance". It essentially covered the question of economics around data auditing. Many enterprises are struggling with the enormous amount of work that compliance has created and thrust upon IT. The first step out of this insanity is to step back and try to quantify how much work compliance really is. The next step is to translate this into costs, hard costs and soft costs, and then to further classify the hard costs into development costs, capital costs, and operating costs. Once we have this number we can all stare at it long and hard until we internalize the implication: it is a staggering number. Don't believe me? Check out the numbers: for a 100-database project, SOX and PCI activity monitoring, logging, reporting and reviews cost an enterprise $2 million over 3 years, roughly an extra 40% overhead over the enterprise IT spend. The productivity hit to the IT staff is even worse. Here is the link for details: http://www.tizor.com/News-And-Events/Events/ROI-of-Auditing-and-Compliance-Lifecycle

Which brings us to the next part of the webcast. What can we do about this? We could stare some more and eventually punt on the problem. This is common: many application owners dump all data (relevant or not) onto the auditors and make it their problem. Unfortunately this makes the problem worse in the long term. Our suggestion is to look into automation. There are tools available (Mantra being one of them) that are purpose-built and turn-key. They handle all the nitty-gritty issues: scoping applications, logging and storing the right type of information, creating reports, and managing this effort quarter after quarter. These tools can relieve the impact of compliance and help you get your life back. Really.

At some point, I will do a series of posts to dig into this in more detail. For now, check out the webcast if you are interested.

By the way, James DeLuccia's book on IT Controls and Compliance is a good read: http://www.amazon.com/gp/product/0470145013?ie=UTF8&tag=itcomandcon-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=0470145013
