If you look closely at the software specifically designed for compliance officers, it all shares the same set of functions: helping define policies, carrying out auditing and reporting, and remediating. This clean, three-step process looks like a sensible way to deal with regulatory compliance.
But in the real world, things are never this straightforward. In fact, I’m beginning to think that IT-enforced compliance has to be approached in a whole new way. Instead of compliance solutions being bolted on top of IT management solutions, compliance software needs to become part of IT management’s DNA.
This approach would signal a paradigm shift in how compliance becomes interwoven with desktop management, security and IT policy enforcement. The problem is that so few solutions offer a foundation that integrates compliance with traditional day-to-day IT operations.
Even when this foundation is available, it raises questions for harried compliance officers: Can IT management solutions deliver relief? Can policy generation tools enforce remediation? Do audits have to deliver only bad news?
Answers to these questions (and many others) could come from thinking about compliance as part of the infrastructure and resource management at the platform level. In other words, a unified approach that weaves the DNA of compliance with that of IT asset management, patch management, provisioning and auditing.
I can’t think of a solution today that offers all of this, as well as the ability to grow and keep pace with ever-changing enterprise-class infrastructures. But there may be hope. Recently I came across a startup, Puppet Labs, which is transforming itself from a services provider to a software company.
The company’s new product, called Puppet Enterprise, is an open source data center automation and configuration management framework. While not a compliance solution per se, it can serve as a policy-driven IT management platform which IT shops can use to incorporate compliance auditing and remediation at the provisioning level.
Frank Ohlhorst is an award-winning technology journalist, professional speaker and IT business consultant with more than 25 years of experience in the technology arena. He has written for several leading technology publications, including Computerworld, TechTarget, PCWorld, ExtremeTech and Tom’s Hardware, and business publications including Entrepreneur and BNET. Ohlhorst was also executive technology editor at eWEEK and director of CRN Test Center.