Posted by: Fohlhorst
CIO, regulatory compliance, user access
There was a time when Novell was a giant and NetWare ruled supreme. But as with other giants before and after, it took only a few bad strategic decisions for the company to slide off its throne. One thing the fallen king still has is its expertise in dealing with enterprise-level problems. One area where the company is hoping it can leverage that expertise is regulatory compliance.
Trying to meet regulatory compliance requirements for many user organizations, at least from an IT governance point of view, is a complicated and costly process. Novell is looking to put some salve on those wounds with the next version of its Novell Access Governance Suite, a set of software products that simplify how customers govern users’ access to corporate resources and manage regulatory compliance.
Version 4.1 now includes Novell Access Request and Change Manager, a new solution intended to simplify granting user access to information, as well as closing the compliance gaps caused by multiple methods of requesting access.
Governance would appear to be Novell’s path back into the enterprise by managing the weakest part of the compliance chain: controlling user access to data. The concept is a relatively simple one: If you can control user access, then you can control the flow of data. However, in reality it is not that simple. Not only do you have to worry about user access, but you also need to worry about what users can potentially do with that access. Legitimate access can still lead to compliance violations, whether it is accidental or malicious.
Is governance the answer to that problem? Or does data leakage protection become the solution to that problem? At this stage, it’s hard to tell. Novell is seeking to cover all bases by injecting its technology into the flow and access of data.
This question begs a couple more: How are corporations dealing with data leakage issues today? Are current solutions delivering the protection needed, or is Novell really on to something here? I guess it’s going to take audits and e-discovery requests to truly find out how compliant a particular enterprise is. Until then, one may want to consider what Novell is proposing and see if an answer exists that can address thorny compliance issues.
Frank Ohlhorst is an award-winning technology journalist, professional speaker and IT business consultant with more than 25 years of experience in the technology arena. He has written for several leading technology publications, including Computerworld, TechTarget, PCWorld, ExtremeTech and Tom’s Hardware, and business publications including Entrepreneur and BNET. Ohlhorst was also executive technology editor at eWEEK and director of CRN Test Center.