The Sarbanes-Oxley (SOX) Act was signed into law in July 2002 in response to widely publicized corporate accounting scandals. The Act introduced stringent new rules on corporate officers and directors of publicly traded companies with the stated objective of protecting investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws.
These new rules, under Section 302 of the Act, mandate that CEOs and CFOs of public companies certify periodic financial reports stating that, to the best of their knowledge, the financial information included in the reports is accurate and complete. Moreover, under Section 404, the Act requires the CEO and CFO to include a written report on the design and operating effectiveness of internal controls over financial reporting within the company's annual filings with the Securities and Exchange Commission, and to have these reports certified by its independent auditors. Sarbanes-Oxley affects all public companies, domestic and foreign, that have registered under the Securities Exchange Act of 1934, as well as their directors, officers, employees, lawyers, and accountants. Compliance costs associated with the Act can be exorbitant, while the implications of non-compliance are severe, including negative investor perception and, potentially, fines and prison time.
The scope of internal controls over financial reporting has been widely interpreted to cover the integrity and security of all IT systems used in collecting financial information, including the environment in which they operate, network security, transactions, and access to pertinent information. In addition, a company must have adequate entity-level controls, which in some cases extend the scope to IT systems beyond those that are directly related to the collection of financial information.
The Act does not clearly define what an adequate internal control is, nor does it recommend guidelines for evaluating them. Due to the vagueness of the Act, it is open to interpretation among enterprises seeking compliance. Several organizations have evolved to establish frameworks for evaluating internal controls. For example, the IT Governance Institute (ITGI) created the Control Objectives for Information and related Technology (COBIT) to attempt to interpret the Act specifically from an IT perspective. While detailed IT processes can be found in ITGI publications, some key points are listed below:
- Key systems are defined as servers where financial data is stored, plus any devices (clients or otherwise) that have access to these servers
- All key systems must be locked down to prevent unauthorized access
- Access control must be demonstrated for every single device within a network that is part of the financial workflow
- Detailed audits must be performed on an ongoing basis to prove adherence to security procedures
The Benefits of Infrastructure Centralization
The centralization of branch office servers and storage enables enterprises to better secure business information. By consolidating IT infrastructure within a select number of purpose-built data centers, enterprises can protect vital business resources through tight physical security and well-defined access procedures. In addition, when sensitive information is consolidated within a select number of servers, IT staff can better enforce proper password protection, implement appropriate security mechanisms (e.g., firewalls and antivirus programs), and ensure that all infrastructure is equipped with the latest software patches. It is much more difficult to enforce these types of security safeguards, and audit their effectiveness, when data is stored in numerous offices in distant locations with limited IT staff.
By making server centralization a reality, Silver Peak is an indispensable tool for organizations looking to improve application delivery while maximizing data security through infrastructure consolidation.
The Need for Strong Encryption
Many application acceleration solutions improve application delivery by delivering pertinent information via local appliances. As these appliances store information in a proprietary fashion, they are inherently more secure than local servers. To further mitigate the risk of unauthorized access to this information, Silver Peak also uses 128-bit Advanced Encryption Standard (AES) to encrypt all information stored in an NX Series appliance's local data store.
Silver Peak also supports optional IPsec tunneling (using 128-bit AES encryption) between NX Series appliances. This ensures that data remains completely safe from unauthorized access when traversing the WAN, as do all communications between appliances.
Additional Silver Peak Benefits
Silver Peak NX Series Appliances provide additional layers of security that address the IT security requirements outlined in the Sarbanes-Oxley Act. These include:
Authentication, Authorization and Access Control
- TACACS+ and RADIUS support prevents unauthorized devices from accessing Silver Peak NX Series appliances
- Unique username/password combinations for controlled administrative access
Reporting/Auditing
- Detailed alarm generation
- Trending reports, syslogs, session logs, and SNMP traps for historical analysis and auditing
- Historical record keeping for a variety of traffic flows, including application analysis and specific LAN-to-WAN mappings
- Data can be exported via industry-standard formats (e.g., NetFlow) for external manipulation and storage
SOX Friendly Application Acceleration
By enabling server centralization, Silver Peak helps all organizations to secure sensitive financial information. In addition, Silver Peak NX Series appliances offer a variety of security options to protect financial data as it is delivered across a distributed enterprise.
Regardless of the applications and platforms in place, Silver Peak helps organizations control what financial data is being accessed, and by whom. Furthermore, Silver Peak provides detailed logging capabilities that enable enterprises to track the flow of information and knowledgeably report on the way sensitive financial data is used and managed. In this respect, Silver Peak is a valuable tool for organizations looking to improve information delivery without sacrificing information security.