There is a degree of uncertainty amongst customers and some of their IT security partners about compliance: what regulations apply to what industry sectors, and what the implications are.
“It is a very hit-and-miss thing in the local market,” says Chris Thomas, security solutions strategist for Computer Associates.
“In a lot of cases the idea of compliance is whatever is in the view of either the company or the company’s external auditor,” he says.
The US Sarbanes-Oxley Act (SOX) is the most talked-about Act when it comes to compliance, and was introduced in the US after the Enron and WorldCom scandals. SOX regulates corporate financial records (which includes the security of the data and systems that hold them) and stipulates penalties for infringements.
Unlike the US with SOX, Australia does not have many mandatory, IT security-specific regulations. “SOX doesn’t affect many Australian companies unless they do business in the US or have either a part-ownership or listing requirements in the US,” says the vice-president of research at Gartner Asia Pacific, Richard Harris.
However, in Australia, there is a piece of legislation called CLERP 9 (Corporate Law Economic Reform Program), which is similar to SOX, says Harris. “CLERP 9 doesn’t specifically relate to IT security per se, but it does carry with it the requirement to have due processes in place to protect data, and to protect the interests of stakeholders of those companies,” he says.
At CRN’s security roundtable, Neil Campbell, Dimension Data’s national security practice manager, pointed out that Australia’s privacy legislation and Corporations Act do have an impact on IT security practices. “Privacy legislation requires companies to protect confidential information, and the Corporations Act makes company directors responsible for security. A director can be sued if the security of a company is inadequate and contributes to significant loss,” he says.
In Australia there are also “industry best practice” standards such as ISO 17799, which the NSW Government has been mandated to follow, Thomas says. However, it is ‘best practice’ – people are not actually being forced to comply, he says.
[Photo: NetIQ's Taylor: Securing IT systems a huge burden]
“Yes, everyone should be doing it, but until someone’s really hung out to dry or penalised for not following it, there’s a bit of a blasé attitude that we’re okay. And in a lot of cases, it’s just seen as something else you have to throw money at without actually seeing any return,” Thomas says.
Nick Verykios, marketing director at Firewall Systems, says some companies are more concerned about how they are going to pay tomorrow’s salaries than about compliance. It is pretty low on the list of priorities, particularly for smaller companies.
Compliance can be daunting for big companies too, particularly those in the financial sector. Compliance stipulates that the business processes must be easily auditable, so that every step of a financial transaction can be tracked and monitored. The IT systems managing this environment also have to be secure.
David Taylor, regional director of NetIQ Asia Pacific, says this places a huge burden on companies. “For example in the banking environment in Australia – just the computing network of the top four banks – they can generate up to eight million log events on a daily basis, so it’s physically impossible for anyone to look at those one at a time,” he says.
Security resellers using compliance as a sales tool should tread carefully. “How many resellers – whether it’s at the enterprise or SME level – are truly qualified to advise a CEO about the business’ compliance?” says Kevin Bloch, Cisco’s regional manager for advanced technologies.
“It’s a real issue because I think there’s a lot of people that are punching above their weight, and I think a lot of compliance confusion is created specifically to generate work,” he says. There are other opportunities to explore, rather than baffling customers with compliance to close a sale.
It will become more of an issue in Australia when someone goes to jail, says David Blackman, director of channel sales for Symantec. “When the government actually puts teeth behind compliance, suddenly you’ll find everyone decides they need to be compliant.”