Has IT governance been eliminated? Well, not exactly … but there seems to be a shift in approach. I recently returned from OPSWorld ‘07 at La Costa (yeah I know, tough gig) where I heard a keynote presentation by Stephen Elliott of IDC. One of the trends he highlighted was the elimination of IT Governance as a “procedure”. This struck a chord with me because it’s consistent with what customers are telling us. More and more IT organizations are viewing compliance and governance as by-products of fundamental IT control as opposed to separate processes. Rather than implement point solutions for PCI, SOX, internal audit and other requirements, the idea is to build pro-active, continuous control directly into the fabric of IT operations. Admittedly, this trend is good news for Solidcore because it dictates two key requirements for change control automation that we’ve recognized all along: - The need for real-time operation, and
- The ability to implement preventative controls.
Real-time operation means tracking all important change as it happens, continuously evaluating it against authorized policy and process, alerting immediately to any exceptions and reporting against controls on-demand. Preventative controls build on this real-time foundation by adding the ability to automatically assess a change to a critical infrastructure element before it happens, block that change if it doesn’t conform to policy and process, and record the change attempt. Taken together, these capabilities enable continuous, closed-loop change control that’s built directly into the infrastructure. I think the point is that any organization trying to solve a compliance problem needs think beyond the immediate issue at hand. What is the next control challenge? Will the solution you’ve put in place to solve today’s problem scale to broader problems? If it lacks real-time and preventative capabilities, chances are it won’t. by
Bob Vieraitis
VP Marketing
bobv@solidcore.com | 
