SAS 70

June 12, 2008  8:51 PM

iPhones and data security

Keith Harrell Profile: SAS70ExPERT
Order Management

What about the new iPhone? It has an abundance of new features and new headaches. With the latest push of emails to your iPhone, how many more network issues will this create?

With the iPhone, you can download pictures, music, and applications – how many of these will have undetected viruses or Trojan horses? As executives demand more technology, do you have enough security in place to prevent such disasters to your network? How much downtime can you afford?

In a SAS70 audit, wireless networks and the related controls are normally tested. Testing of phone connectivity to internal networks and the related hazards is not a normal consideration.

I would recommend standardization of cell phones. Choose a cell phone that meets business needs and provides basic communication access for employees. Enact most security features to prevent rogue viruses from attacking your network. The phones should only sync with your business Exchange server and not the employee’s personal contacts or emails.


June 11, 2008  12:47 AM

Exchange and Email

Keith Harrell Profile: SAS70ExPERT
Order Management

SAS70 audits do not require disaster recovery to be audited; however, backups of email can be critical to the survival of a Company should it be sued.

The process to back up emails can be expensive and time-consuming. I tried clustering Exchange servers. It was a mistake from the start – it became too complicated, and I had to add 3 additional staff and hardware, and don’t forget the licensing costs.

There are some appliances that make it easier to replicate to Exchange and other major mail servers. What appliances worked best for you? Or are there other techniques you can recommend to expedite the email backup process?


June 9, 2008  3:59 PM

Network Security

Keith Harrell Profile: SAS70ExPERT
Order Management

Do SAS70 audits adequately reduce network security risk within your Company? Many SAS70 audits do not. I have found that many audits only review high-level security measures. The audits do not perform any penetration testing or run any software diagnostics to identify network security flaws which would allow intruders access to critical Company data. What are some of the more critical access points to your network that should be tested? How would you perform testing?
