Given all the fuss this week concerning government administrative issues related to Sarbanes-Oxley (SOX) requirements, now might be a good time to review the state of data governance.
While many would argue that SOX has added undue burdens to the cost of doing business, just as many would argue that the provisions of the law are more than justified because so many more companies are better run now with more transparent policies and procedures.
While court cases challenging the validity of SOX are likely to continue, the issue that IT organizations need to focus on is how to make compliance as painless as possible.
According to PacketMotion CEO Paul Smith, a company's level of pain is directly related to the tools for compliance. Smith says more companies put overly complex processes in place, many defined by the tools they employ.
If companies want to reduce the cost of compliance with SOX and other regulations, they need to take a hard look at their tools. In age where it's difficult to easily discern the differences between one data governance tool and another, Smith argues that companies need to do their own internal bake-offs to really determine which tools are not only the most comprehensive, but also make the overall process less intrusive.
In particular, Smith says IT organizations should be asking themselves how many man hours are spent managing each control, and are using tools from, say, a security vendor, that were never designed to allow business users, rather than IT people, to manage the compliance process.
Smith says he's confident that PacketMotion will stand up well against all comers in any bake-off that is based on dealing with the operational realities of compliance. Unfortunately, many IT organizations don't have the time and resources to conduct in-depth tests on compliance products. Too often, they just grab what is most readily at hand. And that's a shame, because the right tools can make all the difference.