SkyView Launches Security Compliance Reporting Service
May 22, 2012 Alex Woodie
Companies that are struggling to find the resources to meet their security and compliance reporting requirements may be interested in a new managed services offering unveiled yesterday by SkyView Partners. As part of the Managed Services for Compliance Reporting (MSCR) solution, SkyView will do much of the hard work associated with maintaining security policies, addressing exceptions, and managing compliance for IBM i and AIX servers on an on-going basis.
When a company faces a new regulation such as PCI or the Hi Tech Act for the first time, there’s usually a big push on the part of the IT department to get everything squared away in the eyes of the auditor, according to SkyView CEO John Vanderwall. But the high energy level and excitement over the auditing process doesn’t last long.
“We know that as soon as the audit is done, the process tends to shift down on the priority list until it’s time for the next audit,” he says. “The auditor isn’t happy when the organization can’t produce records of consistent application of their processes. Of course, this causes the organization to come under more scrutiny.”
SkyView launched MSCR to help companies break that cycle of regulatory neglect with an outsourced service. As part of the offering, SkyView technicians will install its products on customers’ systems, including Risk Assessor for IBM i, Policy Minder for IBM i, and Policy Minder for AIX, and monitor the reports they generate.
There are two types of reports generated by the MSCR service: security and compliance. On the security side, SkyView will perform one free security vulnerability assessment every year. Additionally, every month it will perform check-ups of five aspects of the customer’s IBM i security configuration, such as managing inactive user profiles, managing user profiles with elevated permissions, detecting default user passwords, and monitoring access control settings on a file. Customers can purchase additional checks.
On the compliance side, SkyView software will generate reports on a regular schedule, which could be monthly, weekly, or even daily. It’s SkyView’s responsibility to check these reports (stored on the IFS drive of the customer’s IBM i server) for any signs of non-compliance. If non-compliance is detected, SkyView contact the IT department immediately and pinpoint the issue so they can deal with it, Vanderwall says.
Making security and compliance reporting the responsibility of SkyView experts will make fiscal sense for some companies, Vanderwall says. “Rather than having someone on staff to do all this work and monitoring, you can have us do it and respond only when a ‘non-compliant’ issue happens,” he says.” This will free up precious IT resources to concentrate on the things that make organizations money, rather than worrying about compliance reporting and issues on a daily, weekly, or monthly basis.”
The offering starts at $350 per month per LPAR. For more information, see www.skyviewpartners.com.