The Evolution of Compliance Technology

Lora Bentley

In Tuesday's bMighty Blog post on security, Paul Korzeniowski highlights a recent product release from LogLogic as evidence that the emphasis on and tools for compliance are filtering from the larger enterprises into small- and medium-size businesses:

LogLogic recently announced four appliances designed for small and medium businesses with starting prices of $37,500. "The major advantage with LogLogic's new products is they are prepackaged for specific tasks, such as Sarbanes-Oxley), so companies can more easily add them to their networks," stated Michael Cote, an analyst with market research firm Redmonk.

Korzeniowski notes that the appliances are nice because they save the smaller companies time and money that they would have spent customizing the compliance software. However, he wonders whether the company will survive long term given that compliance has become a broad term that addresses several different processes in addition to log management. And then there's the fact that not many companies are aware of the need for log management as an element of compliance.


It's true that there is a lack of awareness surrounding the need for log management. But LogLogic's Anton Chuvakin and others are working to remedy that. However, I also agree with Korzeniowski's implication that companies focusing on single point solutions in the compliance arena may not do so well if they don't acknowledge the fact that many customers -- small businesses, large enterprises and everything in between -- see compliance generally -- be it Sarbox, HIPAA, data privacy requirements, or one of so many other regulatory schemes -- as part of a larger risk management strategy.


It no longer makes sense to have separate pieces of technology for each business process subject to legislation, regulation or industry standard, or to have separate systems for each law, regulation or standard to which a particular business is subject. To the extent possible, companies want compliance technology that can address all of the requirements they face. Moreover, they want that technology to integrate seamlessly with infrastructure -- to disappear, in a sense. A bunch of disparate point solutions cobbled together aren't going to accomplish that.

Add Comment      Leave a comment on this blog post
Mar 19, 2008 11:05 AM Dominique Levin Dominique Levin  says:
Your comments on our announcement are quite thoughtful and it is true that a more comprehensive approach to compliance is required. It is our prediction that a top-down risk-based approach to compliance will happen first in the large enterprise and second in the mid-market. Anton published an article today in SC Magazine making the case for a unified approach to GRC, which can be accomplished by integrated best-of-breed technologies through web services (SOA) to avoid vendor lock-in Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.