Compliance Budgets Attract Packs of...

Computerworld - ...vendors eager to unburden you of all those dollars, while claiming to put you right with the slew of regulations weighing heavily on IT. AMR Research Inc. in Boston predicts that U.S. businesses will spend just under $16 billion this year to comply with laws such as the Sarbanes-Oxley Act. And most of that will go toward technology that automates the oversight of business processes, AMR says. Little wonder, then, that vendors are banging on your door with "compliance solutions."
Jasvir Gill, CEO of Fremont, Calif.-based Virsa Systems Inc., says his company has offered compliance monitoring technology for SAP systems since 1996, well before "Sarb-Ox" became an IT curse word. He claims that Virsa already does compliance monitoring for 1 million end users. Its Continuous Compliance software checks 120,000 rules before a transaction is processed by SAP applications. If the software detects a compliance or business process violation, it can halt the transaction.
This week, Virsa will ship its $30,000 Risk Terminator module, which addresses a concern expressed by auditors that IT administrators have too much power over systems and might have unsavory intentions regarding circumventing corporate financial controls. Risk Terminator lets IT do its thing, but if the software detects that something fishy is going on, it reports the suspected transgression to a compliance manager. Pricing for the Continuous Compliance suite starts at around $300,000. Sometime this summer, Virsa is planning to add a version for users of Oracle Corp.'s applications.
Also this week, Opsware Inc. in Sunnyvale, Calif., unwraps Version 5.1 of its Server Automation System monitoring software, which comes with new tools called Compliance Automation. With them, you can set policies at the COM object or operating system registry level to make sure there's no hanky panky conducted on your servers. Sharmila Shahani, Opsware's senior vice president of marketing, claims that another new feature, Express Automation, can identify up to 300 servers on your network and all the software running on them within an hour. A couple of hours later, those servers can be loaded with Opsware agents to ensure that they obey the law, she says. Pricing for the full set of monitoring tools is $1,200 per server.
Meanwhile, Imanami Corp. in Livermore, Calif., next week plans to announce its existence along with a line of of identity management tools. "Sarb-Ox is definitely the No. 1 driver out there for identity management," says CEO Robert Haaverson. He argues that the majority of identity management projects that fail do so because "they try to boil the ocean."