If Sarbanes-Oxley for Government Arrives, Will YOU be Ready?

1
If Sarbanes-Oxley for Government Arrives, Will
YOU be Ready?

• Randy Wood Director, Public Sector Solutions

2
Agenda and Key Take Away Points

• Enterprise Message Management
• What We (Likely) Will Have to Do Regulatory
  Compliance
• Enterprise Message Management
• What (and Why) We Should Do Knowledge
  Management
• State Local Organizations Must Develop
  Strategies to Manage Electronic Collaboration
• Managing storing, archiving, securing,
  analyzing, exploiting
• Electronic Collaboration email, portals,
  instant messaging, IP telephony, etc

3
(No Transcript)
4
(No Transcript)
5
Today, I have made available tens of thousands
of documents to fully and voluntarily comply
with requests for information related to the
States preparedness for and response to
Hurricane Katrina
I hope that every federal agency involved with
this series of events will take the same course
of action and voluntarily make all of
itsrelevant documents and e-mailsavailable to
the media
6
Email No One Expected This!

• Email is exploding
• Business email growing 2530
• Worldwide Daily Email Traffic _at_ 84 Billion 33
  Billion of which is SPAM
• Attachment sizes growing
• Voicemail, video,
• Email is critical
• Email is 75 of corporate IP
• Email is in 75 of corporate litigation
• lt 35 of cos. have a retention policy
• Email is under attack
• Over 60 of email is spam
• 80 of viruses are via email
• Phishing and other new threats
• Unstructured Data Mgmt To Come Voice Mail,
  Video, IM, Sharepoint, VoIP

• Email has become the primary medium for how we
  communicate. The consequence is that email has
  become a de facto record repository.
• CIO Magazine, Jan 2005

7
Why Does This Matter? Information Availability
Coleman v. Morgan Stanley "The storage folks
found an additional 1,600 backuptapes in a
closet, explaineda Morgan Stanley executive.
1.45 billion awarded
Thomson v. US HUD precluded from introducing
into evidence in their case any of the 80,000
email records that were "discovered" during last
minute.
Anti-Monopoly, Inc. v. Hasbro, The law is clear
that data in computerized form is discoverable
even if paper hard copies of the information
have been produced.
Zubulake v. UBS Warburg Documents stored on
backup tapes can be likened to paper records
locked inside a sophisticated safe to which no
one has the key or combination.
8
And Thats Just The Beginning - Information
Security
9
Key Sarbanes-Oxley Sections

• Section 302 Officers of the company must make
  representations related to the disclosure of
  controls, procedures, internal controls and
  assurance from fraud.
• Section 404 Provide an annual assessment as to
  the effectiveness of internal controls in
  financial reporting and obtain an attestation
  from external auditors that the controls are
  effective.
• Section 409 - Disclose to the public on a rapid
  and current basis material changes to the firms
  financial condition.
• Section 802 -Ensure authentic, immutable records
  and retention
• Section 906 Ensure that the 10-Ks, 10-Qs,
  annual reports as well as periodic reports
  containing financial information complies with
  SOX, represented an accurate representation of
  the firms financial condition.

10
Sarbanes-Oxley Security Readiness

• Does NOT explicitly require information
  security
• DOES require Management certification and
  reporting of a companys internal controls for
  financial reporting
• The recommended hierarchy of controls does
  implicitly and explicitly require
  confidentiality, integrity, and availability
• 6 of firms believe they are ready for SOX
• 90 have active SOX projects
• 70 focusing on Section 404
• 53 will go through 404 ID projects
• 46 allocated funds 31 later 37 researching
  options
• Of 83 firms gt3.3B, first-year spend 5M-6M
  (FEI)
• 6,000 hours, 500K consulting
• Source Meta Group Security Implications of
  Sarbanes-Oxley

10
11
Ensure Authentic, Immutable Records and Retention
Secured Messaging helps customers to ensure the
health of their organizations increasingly
critical messaging infrastructure
Classify
Control
Capture

• Intercept all messages across protocols
• Evaluate messages based on content, headers,
  senders, reputation, etc.
• Determine message classificationSpam, virus,
  Confidential, etc.

• Take action based on defined policy by
  classification
• Eg. Quarantine, archive, encrypt, delete, alert,
  etc.

• Provide messaging audit trail from sender to
  archive
• Archive for analysis, recovery, Backup
• Deliver legal and compliance records

12
Email Management Technology Will Evolve.
EmailData Mining
EmailPolicy Mgmt
EmailDiscovery
Email Archiving
Keep Email Find It Again
Keep Bad EmailFrom Happening
Keep Email AsAn Asset
13
And Allow You To Manage The Rest Of Your Data.
UnstructuredData Warehouse
Digital CommsArchive
CollaborationArchive
Email Archive
Files, Sharepoint,Blog
VOIP,Voice Mail, Digital Fax
AnalyticApplications
14
Beyond Information Lifecycle Management
Solutions for Business-Technology Alignment
AMONG Software, Storage, Other Critical
Infrastructure and Business Processes Integrated
Intelligence to Create, Identify, Capture,
Organize and Leverage Organizational Knowledge
Decision Superiority
Information Context and Experience
Timely Accurate A Difference that Makes A
Difference
15
Knowledge Management

• A Definition Strategies and processes to
  create, identify, capture, organize and leverage
  vital skills, information and knowledge to enable
  people to best accomplish organization missions.
• NSA KM Definition, Adopted from American
  Productivity and Quality Center
• Transformation from information superiority in
  the industrial age to knowledge superiority in
  the information age
• Knowledge Management is About People and
  Intellectual Capital
• Human Capital Knowledge Repositories Lew
  Platt, former HP CEO, I wish we knew what we
  know at HP.
• Structural Capital Policy, Process, Culture,
  Heritage
• Relationship Capital Customer, Stakeholders

16
Enterprise Messaging Management
SMTP Gateway
SMTP Traffic
Microsoft Exchange IBM Notes Domino
IM Gateway
Microsoft LCS IBM/ Lotus SameTime Jabber
IMTraffic
Archive
17
If Sarbanes-Oxley for Government Arrives, Will
YOU be Ready?

• Randy Wood Director, Public Sector Solutions