BIOS: Technology Means Business

Half full or half empty? Companies can regard compliance with the past five years of regulatory frenzy, as a burden that threatens their financial balance sheet or even their operational capacity.

Or as an opportunity to reassess their infrastructure, look beyond regulatory aspects, improve their performance and, ultimately, their cost structure.

Close on the heels of the Sarbanes-Oxley Act in 2002, other regulatory obligations have been imposed upon businesses and, in turn, upon their IT divisions or outsourced IT providers. The Patriot Act, the Gramm-Leach-Bliley Financial Services Modernization Act, Basel II, the IAS/IFRS accounting rule… For IT teams, support the compliance with these new laws and regulations means redefining its responsibility and its capabilities.

Indeed, they were already used to providing accurate and comprehensive data about IT infrastructure. The need to track, document and audit what exactly is in the system, where, since when, until when, etc., is not new. But the new regulatory environment makes this task less manageable (more demands, more often) and, critically, more complex - coming from non-technology regulators, the requests do not ‘speak technology’.

For example, the International Financial Reporting Standards (IFRS) poses deceptively simple questions: how does one manage an aircraft and its engine separately? How can one identify expenditures that generate cost reductions? How does one manage different depreciation periods for assets of the same kind? Or the future cash flow generated by an asset, and so on.

A recent report by analyst Gartner states that ‘more than 80% of IT groups may be incapable of satisfying many of the laws and regulation that require change-related audit trails and accountability over material configuration items’. For IT managers, the ability to identify, track and manage infrastructure configurations is critical to regulatory compliance. Companies must therefore review their stance in relation to managing their infrastructure and adapt the technology tools they use to manage their IT infrastructure, and continuously analyse it in order to be able to predict changes in costs or in reporting needs.

Does this mean purchasing new software just to comply with regulations? Not necessarily. Choosing the right technology solution will not only allow IT management to effectively support their company’s compliance with regulations, it will also deliver new business benefits. Infrastructure management software presents strong advantages versus more typical asset or service management tools, as they automate elements of provisioning, discovering, updating, deploying and documenting systems in support of compliance. Combining infrastructure discovery with mapping and deployment tools automatically, they also monitor the system and ensure sustainable compliance without requiring manually configuration.

Thus, they are more efficient and repeatable, and they significantly reduce the effort involved to manage inventory tracking and utilisation, asset distribution and reuse. Integration of not only management of active assets, but also historisation of all events affecting them will give companies the requisite transparent view of their physical resources lifecycle. These software solutions are therefore indispensable if one is to turn the new regulation lemons into lemonade.

Criston Software is exhibiting at Infosecurity Europe 2007, Europe’s number one dedicated Information security event. Now in its 12th year, the show continues to provide an unrivalled education programme, new products & services, over 300 exhibitors and 11,600 visitors from every segment of the industry. It is held on the 24th to 26th April 2007 in the Grand Hall, Olympia, London.