“Enterprises are doing all of their compliance work in silos, and they aren’t seeing the commonality between [the projects], particularly in the area of security,” says Stephen Barlock, North America security lead at Accenture. “The net result is that their compliance efforts are much too complex.”
Enterprises are also finding that the costs of their compliance efforts are rising, not falling, because of the growing number of independent, and sometimes redundant, regulatory efforts, says Mark Perry, vice president of global consulting services at Symantec, who will head the joint venture.
SOX and the Gramm-Leach-Bliley Act (GLBA) mandate data protection, but don’t give any IT specifics. The Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry (PCI) standards outline more specific requirements.
“What we encourage companies to do is build a matrix of the requirements,” says Chris Apgar, president of Apgar and Associates LLC, a compliance consulting firm. If they meet the most stringent security requirements on the matrix in each category, the result should be a security platform that meets the compliance mandates of all of them. “For example, if you look at SOX and GLBA, they don’t say much about encryption,” Apgar says.
Accenture and Symantec are working on a way to automate the process of correlating the security requirements of each regulatory mandate and identifying the most stringent elements, says Accenture’s Barlock. “With this joint venture with Symantec in place, though, we think the days of doing this manually are numbered.” “If you want to encrypt email, a $250,000 package from Tumbleweed is a pretty sure thing to pass an audit,” he says.
http://www.darkreading.com/document.asp?doc_id=106910&WT.svl=news2_5