For Immediate Release
2008 Represents Year of Configuration and Compliance Challenges
Upcoming Pressures Will Force Organizations to Re-examine Policies on Multiple Fronts
Portsmouth, N.H. – January 07, 2008 –
Ecora Software, the market-proven leader for configuration audit and analytics solutions, today
outlined a series of market and industry challenges and events that will drive organizations to
examine their current IT policies. These market challenges will have a multi-departmental impact
on organizations from the executive level to entry-level administrators, with special emphasis on
senior IT and financial professionals.
Ecora has outlined the anticipated challenges of 2008 in three select categories: Emerging and
New Compliance Initiatives, Trends in Best Practices and IT Implementations.
Emerging Compliance Issue:
- The Impact of Multiple Compliance Initiatives: Organizations have become subject to multiple
compliance mandates in recent years. While Sarbanes-Oxley (S-OX) has garnered the majority of
headlines in 2008, the average enterprise company will be charged with meeting the standards of
between six and 10 federal and state compliance initiatives at any one time. Companies
attempting to manage each compliance standard independently will be hampered by escalating
audit expenses, a continuing drain on staff resources, and consistent failures to meet deadlines
for new IT initiatives. At any one time, the following standards could apply to a typical
enterprise company:
- Sarbanes-Oxley (S-OX)
- Health Insurance Portability and Accountability Act (HIPAA)
- Federal Rules of Civil Procedure (FRCP)
- Basel II
- Gramm-Leach-Bliley Act (GLBA)
- Japan's Internal Controls over Financial Reporting (ICFR) or (J-SOX)
- Payment Card Industry Data Security (PCI DSS)
New Compliance Initiatives
- 2008 will be another watershed year in which companies will be required to comply with federal
and state mandates. Some of the recent compliance initiatives companies can expect to deal with
in 2008 include:
- S-OX: For public companies under the 75 million cap, non-accelerated filers will be required to
provide management's assessment regarding internal control over financial reporting in its annual
reports for fiscal years ending on or after Dec. 15, 2007. Government estimates put the number
of companies in this category at roughly 13,000.
- FRCP: On Dec. 1, 2006, the rules governing procedure for electronic discovery in federal cases
were amended under FRCP. This is significant, as recent studies indicate that 92 percent of
corporate legal departments have had to deal with some sort of e-discovery issue in the past 12
months.
- PCI: Level one merchants, those conducting more than six million transactions annually, were
required to meet PCI compliance by Sept. 30, 2007; while level two merchants, 150,000 to six
million transactions annually, were required to meet that deadline on or before Dec. 31, 2007.
The field will expand in 2008 to include level three, 20,000 to 149,999 annual transactions,
and level four merchants, under 20,000 annual transactions. Of note, Visa reports that, while
level four merchants have far fewer annual transactions than those at levels one, two and
three, they account for more than 99 percent of the merchants that accept Visa.
Trends in Best Practices
- Adoption of ITIL v3: Companies will actively pursue programs to implement Information
Technology Infrastructure Library (ITIL) v3 and more widely adopt a "service management"
approach for IT. This is a trend away from managing discrete devices, towards
managing services against internal service level agreements or "SLAs".
- System Reliability Expectations to Expand to the 6th Nine: Service Level Agreements
are moving beyond the "Five-9s" expectation of 99.999 percent uptime and reliability.
In the coming year, many organizations will be expected to increase to 99.9999 percent
reliability. While the figure may seem nominal on the surface, a closer look into reliability
statistics highlights that, in industries such as financial services and banking, the 6th 9
can represent recovery of lost revenue in the millions of dollars.
- Service Oriented Architecture (SOA): In 2008, companies will continue to redefine views of their
architecture based on business services, while adopting a risk-based approach to data. The
ability to define audit parameters will necessitate that companies develop new methodologies for
auditing and analyzing the configuration of their infrastructures. The goal will be to create
a holistic view of architecture rather than each application, system and network device
operating within its own independent silo.
IT Implementations
- Introduction of New Software by major vendors: Many major software vendors have introduced new
versions of software that are only now beginning to impact a vast majority of organizations.
Software versions with change management and compliance issues that are expected to be widely deployed
in 2008 include:
- Microsoft Exchange 2007: The implementation of Exchange 2007 will not allow organizations to
deploy the new version on the existing Exchange server, meaning a new server environment will
need to be deployed. This will require the physical transfer of data from one server to
another, thus creating an opening for possible configuration issues.
- Microsoft Vista: In 2008, the industry will see the first major adoption of Vista by the
business and educational communities. Businesses and secondary and post-secondary educational
institutions have been slow to adopt Vista, waiting until the first service pack offering had been
released; its release should now lead organizations to integrate Vista in
increasing numbers. This will present a myriad of challenges for companies as they attempt
to configure existing applications to a new environment.
- Virtualization: 2008 will continue the rise in adoption of virtualization and all that goes
with it. While virtualization brings many performance benefits to the IT environment,
businesses must continue to be cognizant of the security concerns that are created in a virtual
environment versus the traditional physical environment. As pointed out by Gartner Research, 60 percent of all virtualized environments will be less secure than their physical counterparts through 2009.
"Competing pressures to meet business and consumer demand for uninterrupted, on-demand access to products and services, along with addressing the overwhelming number of regulatory mandates being imposed by government entities, will bring business and IT to a crossroads in 2008," said Mike Sullivan, president, Ecora. "While many organizations have compliance initiatives to assure proper controls are in place to protect sensitive business and consumer information, the demands of better, faster and more seamless business services present a challenge. This year, businesses and IT are going to need to identify processes that can bring value for both service availability and compliance in an already heavily-taxed IT environment."
About Ecora Software
Ecora Software is the market-proven leader for Configuration Audit and
Analytics solutions that allow a proactive view of the IT infrastructure and
deliver actionable evidence ensuring critical business services remain operationally effective,
secure, and compliant with internal standards and external regulations. Auditor
Professional™ offers immediate value with its agentless architecture matched
with rich report templates and pre-defined policies providing the foundation for effective
change and configuration management.
Please visit us at www.ecora.com