In Tuesday's bMighty Blog post on security, Paul Korzeniowski highlights a recent product release from LogLogic as evidence that the emphasis on and tools for compliance are filtering from the larger enterprises into small- and medium-size businesses:
LogLogic recently announced four appliances designed for small and medium businesses with starting prices of $37,500. "The major advantage with LogLogic's new products is they are prepackaged for specific tasks, such as Sarbanes-Oxley), so companies can more easily add them to their networks," stated Michael Cote, an analyst with market research firm Redmonk.
Korzeniowski notes that the appliances are nice because they save the smaller companies time and money that they would have spent customizing the compliance software. However, he wonders whether the company will survive long term given that compliance has become a broad term that addresses several different processes in addition to log management. And then there's the fact that not many companies are aware of the need for log management as an element of compliance.
It's true that there is a lack of awareness surrounding the need for log management. But LogLogic's Anton Chuvakin and others are working to remedy that. However, I also agree with Korzeniowski's implication that companies focusing on single point solutions in the compliance arena may not do so well if they don't acknowledge the fact that many customers -- small businesses, large enterprises and everything in between -- see compliance generally -- be it Sarbox, HIPAA, data privacy requirements, or one of so many other regulatory schemes -- as part of a larger risk management strategy.
It no longer makes sense to have separate pieces of technology for each business process subject to legislation, regulation or industry standard, or to have separate systems for each law, regulation or standard to which a particular business is subject. To the extent possible, companies want compliance technology that can address all of the requirements they face. Moreover, they want that technology to integrate seamlessly with infrastructure -- to disappear, in a sense. A bunch of disparate point solutions cobbled together aren't going to accomplish that.