Symantec pushes compliance software

Symantec has released an update to its Control Compliance Suite (CCS) security standards software. 

CCS aims to help companies conform to Sarbanes-Oxley and the PCI credit card standards which dictate the ways in which companies must track data and manage security. 

Compliance software tracks the steps needed in order to conform to the standards and alerts companies when data or security systems may leave them open to a violation.

Indy Chakrabarti, group project manager for CCS at Symantec, said that compliance with the law is the main incentive for companies to use such software.

But there is also the added security and governance benefits that come with putting standards in place and regularly running audits, he explained.

"The reason it is a huge deal is that all of a sudden there are fewer security breaches and better security across the board," Chakrabarti told vnunet.com. 

There are, however, significant challenges that come with compliance systems, Chakrabarti warned.

Although the software can secure digital data and recommend what steps to take, physical security features, such as managing alarm and locking systems or retrieving ID badges from outgoing employees, also pose risks.

"The majority of cost for compliance is on the technical side, but the majority of activities are on the procedural control side," said Chakrabarti.

In order for compliance systems to be successful, an "end-to-end" system for both digital and physical security must be in place.

Another challenge is deciding how security is implemented. Reports and recommendations from compliance software are often too complicated to be fully understood by management, leaving security decisions to IT departments.

Among the features in the latest version of CCS is a system that allows managers to review reports on what privileges exist and provides a special interface to let them decide which employees will be entitled to view certain reports.

"The business owner is the one who should decide these privileges, not the IT guys," explained Chakrabarti.

Symantec hopes that the new feature will allow managers to take more control over data security and better dictate just who can have access to certain files.

The latest version of CCS will be released on 14 May.