The Sarbanes-Oxley Act (SOX) aims to establish strong internal controls over financial reporting to ensure the accuracy and reliability of financial statements, prevent fraud, and protect investors from inaccurate financial reports. It was passed by Congress in 2002. Legislators formulated SOX in response to the high-profile financial scandals of the early 2000s, and it applies to the boards of directors and accounting firms of all listed companies in the United States.
Even though SOX is technically a financial law, it has wide-ranging implications for cybersecurity. The legislation is more than 20 years old, and the technology landscape has changed tremendously since it was enacted. The intent of the law is the same, but the actions companies must take to comply have had to evolve. To be sure that you are protecting the integrity of financial data, you first need to know which systems and individuals can access sensitive information.
There are two key parts of SOX:
1) The company's CEO and Chief Financial Officer personally certify the accuracy and integrity of the financial statements (Section 302).
2) Management and auditors implement internal controls and reporting procedures (Section 404).
Failure to comply with these provisions may lead to legal and financial consequences.
Our business and technology environments are more complex than ever. In the past, you could meet SOX requirements simply by monitoring the applications that generate financial reports. In today's hybrid world of cloud and on-premises solutions, it is a challenge even to track how many systems touch your financial data. It is no longer enough to manage the applications that create financial reports. The application writes to a database, which has its own permissions and sits on a server that has permissions of its own.
Developing, documenting and maintaining internal controls may span many departments and systems, and the work has to keep up with rapid changes in technology and cybersecurity threats.
Every login to every account is a potential security vulnerability. Establishing a strong identity hygiene strategy should therefore be your first priority. Verifying that the right people have access to the right information in the organization strengthens both your SOX compliance and your overall security posture. By focusing on identity first, you ensure that you are not looking at compliance through a single lens; you are evaluating the full breadth of your systems and accounts.
Here are some best practices for improving identity hygiene in your organization:
Evaluate your environment - If you don't know what is happening in your IT environment, it is almost impossible to solve any problems. Conduct a risk assessment to understand which systems are in place and which of them are relevant to SOX requirements. Not every piece of hardware or software infrastructure affects the financial reporting system. Start peeling back the onion to identify the applications, servers and back-end databases that handle your financial data.
Establish continuous controls - Assessment and remediation are an important one-time exercise, but you also need to implement controls that continuously monitor your systems for vulnerabilities or violations. Consider adopting one of two well-respected cybersecurity frameworks, ISO/IEC 27001 or the NIST CSF, to manage the discovery and resolution of problems. These frameworks provide strategies that help with both SOX compliance and general cybersecurity hygiene.
Determine access permissions - Review who or what can access every component that interacts with the financial reporting system. This list may include an accounting analyst's username for a specific application, or the username and password of a machine account that keeps a system running. Determine the access level of each person or machine and whether it is necessary for the work.
Clean up permissions - Verify how permissions are granted, and identify and eliminate accounts that are outdated, unnecessary or over-privileged. For example, you may find orphaned accounts left behind by employees who have left the company, or accounts that employees once used to carry out activities. Clear the clutter and make sure you can tie every permission to a specific business need.
Use automated tools - Tracking permissions and controls manually is cumbersome and error-prone. Identity hygiene must be effective as an overall practice. Look for technology that can automate workflows, detect risks, remediate problems and handle time-consuming maintenance.
If your company is subject to SOX, compliance is not optional. You must abide by the letter of the law or face the risk of fines or legal action. But you can choose how you approach SOX compliance. If you view compliance as an opportunity to strengthen organizational security, it becomes more valuable than a regulatory checkbox. Today's technology environment is complex and constantly changing. By making identity the cornerstone of your SOX compliance strategy, you can use current controls and automation tools to continuously assess your IT landscape, optimize permissions and protect the company's most important data.
About the author
Rita Gurevich is the chief executive and founder of Sphere, a leading identity hygiene company that is redefining how organizations identify and remediate key identity-related issues. Rita started her career at Lehman Brothers. After the organization went bankrupt in 2008, she oversaw the distribution of technology assets. Through this experience, Rita witnessed the challenges of maintaining a strong inventory and understanding the implications of improper access, and quickly recognized the need for a fast and agile solution to these types of problems.