IT Compliance Advisor

Feb 2 2011   6:10PM GMT

Compliance solutions must be tied to IT management solutions

Fohlhorst Frank Ohlhorst Profile: Fohlhorst

If you look closely at the software specifically designed for compliance officers, it all shares the same set of functions: helps define policies, carries out auditing and reporting functions, and remediates. This clean, three-step process looks like a sensible way to deal with regulatory compliance.

But in the real world, things are never this straightforward. In fact, I’m beginning to think that IT-enforced compliance has to be approached in a whole new way. Instead of compliance solutions being bolted on top of IT management solutions, compliance software needs to become part of IT management’s DNA.

This approach would signal a paradigm shift in how compliance becomes interwoven with desktop management, security and IT policy enforcement. The problem is that so few solutions offer a foundation that integrates compliance with traditional day-to-day IT operations.

Even with this foundation available, it raises questions for harried compliance officers: Can IT management solutions deliver relief? Can policy generation tools enforce remediation? Do audits have to deliver only bad news?

Answers to these questions (and many others) could come from thinking about compliance as part of the infrastructure and resource management at the platform level. In other words, a unified approach that weaves the DNA of compliance with that of IT asset management, patch management, provisioning and auditing.

I can’t think of a solution today that offers all of this, as well as the ability to grow and keep pace with ever-changing enterprise-class infrastructures. But there may be hope. Recently I came across a startup, Puppet Labs, which is transforming itself from a services provider to a software company.

The company’s new product, called Puppet Enterprise, is an open source data center automation and configuration management framework. While not a compliance solution per se, it can serve as a policy-driven IT management platform which IT shops can use to incorporate compliance auditing and remediation at the provisioning level.

Frank Ohlhorst is an award-winning technology journalist, professional speaker and IT business consultant with more than 25 years of experience in the technology arena. He has written for several leading technology publications, including Computerworld, TechTarget, PCWorld, ExtremeTech and Tom’s Hardware, and business publications including Entrepreneur and BNET. Ohlhorst was also executive technology editor at eWEEK and director of CRN Test Center.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: