Action Identity Blog

As technology continually integrates with the modern workforce, user-related issues are bound to arise.  Companies are eternally at odds with finding the balance between safety and efficiency.  This becomes particularly troublesome in the field of healthcare.  Healthcare is the one industry where strict compliance rules often interfere with the ability to readily retrieve critical data, such as patient information.  However, a healthy balance does exist in today’s world.

Read more...

In our last post How IAM Helps with Sarbanes-Oxley (SOX), Part 1, we covered the parts of the SOX law that can be attained by implementing an identity and access management (IAM) solution. In the previous post, we talked about the first three buckets that auditors look for in SOX compliance findings, including confidentiality, integrity, and availability. 

Read more...

Sarbanes-Oxley (SOX) was signed into law back in 2002.  SOX is aimed at giving investors confidence in the financial data provided by the company.  The key part of the SOX act is in Section 404.  Section 404, titled “Management Assessment of Internal Controls” requires management to take responsibility for the integrity of their financial information.  To accomplish this, IT processes, procedures, and systems must be evaluated to provide evidence that the company has kept sensitive data secured.  While IT is not specifically addressed in the legislation, it is implied.

Read more...

I recently read an article from local, technology-focused periodical that was recruiting nominees for “Technology Entrepreneur of the Year.” As I was reviewing last year’s winner, I noticed something intriguing. The winner works for a company that takes disparate spreadsheets of information from different software providers and connects them so there is one, complete view of the information on just one screen. I was shocked to see that this software company’s CEO first wrote the program in 2001.

Read more...

Passwords and security risks are a major concern for a lot of growing businesses today, especially those who have or hold access to sensitive information such as police stations, court houses, hospitals and clinics. Many of these organizations use some sort of directory system like eDirectory or Active Directory to maintain their users’ authentication and authorization into the internal network and various databases. Each organization also maintains the password policies for their users (i.e. Expires every 45 days, Must be 7 characters, Must have one number, etc…). With a growing number of applications follows an increased number of passwords, which poses difficulties in managing.  

Read more...