IM Your SOX Off
A study reference I just saw pointed out a glaring hole in corporate Sarbanes-Oxley compliance. OK, SOX holes glare all over, but Instant Messaging compliance in this study caught my eye. 52 percent of respondents said they used employer-provided IM systems, but 78 percent said they used a free download like AOL, Yahoo, or MSN. Blame the 2004 Workplace E-mail and Instant Messaging Survey sponsored by the American Management Associates and the ePolicy Institute for the overlapping user numbers.
The hole? Corporate IM applications keep history files that comply with SOX and can be archived, searched, and monitored to some extent. AOL, Yahoo, and MSN do not. That failure spells SOX problem.
One quick answer? Skype (.com) for IM. They call it Chat, but it's Instant Messaging. And while I don't want this to look like a Skype-fest, at least the Skype IM allows a huge number of IM conversations (50) and keeps a text file history. Every user keeps their own history file by default unless the user changes the configuration.
Strongly suggest that all IM sessions for internal use go through Skype, and remind IT people and executives to archive their IM text history files. This will show SOX acquiescence even if many other employees still use AOL et al. with each other and the outside world. Good faith use of Skype internally may reduce the pain of a SOX audit one of these days.
Yes, SOX is a giant PITA and won't deter the malfeasance it's aimed to stop. "Hey, all executives at the clandestine meeting to artificially boost your revenue numbers to inflate stock value, please keep good notes, archive same, and list all attending employees." Yeah, that will work, just as well as mandating "all insider stock trading conversations must include a SOX disclaimer and tracking number for future prosecution." Stupid and ridiculous, but it's the law.
So executives keep talking clandestinely and we keep having to follow bizarre and burdensome SOX rules. At least show the SOX Police that you're making an honest effort with IM by using Skype and keeping your sessions archived until you get a real corporate IM application. That's the kind of semi-useful compliance that may keep your SOX pain to a minimum.
ITworld.com, Enterprise Networking