Sarbanes-Oxley (SOX) Act Data-at-Rest Security Compliance

Thales e-Security assists in data security compliance with Sarbanes Oxley Act that regulates financial reporting and auditing of publicly traded companies.

Sarbanes-Oxley Act (SOX) Compliance

The Sarbanes-Oxley Act of 2002 (SOX), is a United States federal law enacted on 30 July 2002, which sets standards for all US public company boards, management and public accounting firms. The primary sections of the SOX Act that concern protecting data are SOX Act sections 302 and 404. Thales e-Security can help organizations meet these SOX compliance requirements standards.

SOX
Sarbanes-Oxley Act: Section 404

Sarbanes-Oxley Act section 404 has two major compliance requirements:

  • Management is accountable for establishing and maintaining internal controls and procedures that enable accurate financial reporting, and assessing this posture every fiscal year in an internal control report.
  • Public accounting firms that prepare or issue yearly audits must attest to, and report on, this yearly assessment by management.
Sarbanes-Oxley Act: Section 302

Sarbanes-Oxley Act section 302 expands this with compliance requirements to:

  • List all deficiencies in internal controls and information, as well as report any fraud involving internal employees.
  • Detail significant changes in internal controls, or factors that could have a negative impact on internal controls.
Implications

The SOX compliance requirement implications for public companies to protect data are:

  • Any financial information needs to be safeguarded, and its integrity assured.
  • Specific internal security controls need to be identified that protect this data, auditing must take place, and this security posture re-assessed every year – including any changes or deficiencies as a result of changing conditions.
Thales e-Security's Vormetric Data Security Platform

Thales e-Security provides key portions of the solution to Sarbanes-Oxley compliance problems, providing security controls that enable organizations to safeguard and audit the integrity of financial data across widespread heterogeneous infrastructures. These portions of SOX compliance solutions include virtualized environments and cloud implementations, with big data usage as well as within traditional data centers against a broad range of threats against data.

An Integrated Solution that Addresses Multiple Needs

Thales e-Security's combination of encryption, integrated key management and access controls meets the needs for creating and maintaining access controls to financial data. Only authorized personnel and programs see decrypted information, while all others have no access to the data. Security intelligence information from Thales e-Security details who accesses data, leaving a clear audit trail. This enables extended security controls for recognizing compromised accounts. This single platform solution to multiple data protection needs helps organizations meet Sarbanes-Oxley compliance requirements with low TCO and an easy-to-deploy, centrally managed infrastructure and solution set.

Vormetric Transparent Encryption

Vormetric Transparent Encryption from Thales e-Security provides file and volume level data-at-rest encryption and integrated, secure key management with a best practices implementation. Access controls extend protection from data breaches by limiting data access to only authorized personnel and programs. And data access monitoring provides the security intelligence information required to identify accounts that may represent a threat because of a malicious insider, or a compromise of account credentials by malware.

Vormetric Application Encryption

Vormetric Application Encryption from Thales e-Security adds another layer of protection, enabling organizations to easily build encryption capabilities into internal applications at the field and column level.

Vormetric Key Management

Vormetric Key Management from Thales e-Security enables centralized management of encryption keys for other environments and devices including KMIP compatible hardware, Oracle and SQL Server TDE master keys and digital certificates.

Research and Whitepapers : IANS: Encryption as an Enterprise Strategy

This report is a survey and offers analysts on creating an enterprise-wide encryption strategy and explores the growing “encrypt everything” philosophy.

Download

Research and Whitepapers : Securosis: Cracking the Confusion: Encryption and Tokenization for Data Centers, Servers and Applications by Securosis

This paper cuts through the confusion to help you pick the best encryption and tokenization options for your projects. The focus is on encrypting in the data center: applications, servers, databases, and storage. It also covers cloud computing (IaaS: Infrastructure as a Service).

Download

Посмотрите интерактивное демо Подробнее
Записаться на демо Записаться
Свяжитесь со специалистом Свяжитесь с нами