Enforcive’s Cross-Platform Security Mandate
December 9, 2014 Alex Woodie
Auditors don’t really care what kinds of servers you run in your institution–they just want to be sure their security settings are set appropriately and the exceptions duly noted. Now, thanks to the new Cross-Platform Compliance offering from Enforcive, organizations can automatically monitor their compliance with security policies across IBM i, AIX, Linux, and Windows systems with a single tool.
Enforcive’s new CPC offering, which it launched two months ago, is modeled on its Policy Compliance Manager for IBM i tool. That tool helps hundreds of IBM i shops around the world monitor their adherence to security policies, and ensure that any deviations are sufficiently logged. But few IBM i shops run just one type of server anymore, and so Enforcive developed similar security compliancy capabilities for Windows, Linux, and AIX systems and SQL Server and Oracle databases too.
Users get started with the CPC offering by defining their security policies on each system and storing them as templates. Administrators can then configure the CPC tool to automatically run reports that measure a system’s changing security posture against these baseline templates. When discrepancies are found, CPC flags the changes, and gives the administrator the option to re-align the security settings with the security policy with just a few clicks of the mouse, the company says.
This approach alleviates administrators of the burden of manually checking all of the various security settings across all of their server platforms, which could be a monumental task in a mid-size or large enterprise. By automating the process of checking various security areas–such as the strength of password settings, the authorities granted to privileged users, or the access controls set up for sensitive folders–Enforcive promises to save administrators a lot of time.
What’s more, Enforcive saves the administrator even more time by offering a collection of templates in CPC that lay out the specific security settings recommended for various regulations, including SOX, Basel III, HIPAA, COBIT, PCI DSS, ISO 17799, and others. The compliance checks can be set to run on a regular basis and automatically emailed to groups of users, helping organizations ensure their proper adherence to the “circle of compliance.”
Shimon Bouganim, CEO of Enforcive, says regulatory compliance has had a major impact on his customers. “Many organizations had to assign significant IT resources to this subject and even to establish departments dedicated to assuring the regulatory compliance,” he says. “By providing comparisons between the IT environment and required policy, the CPC has automated proving the controls required by regulations. As such the CPC can generate major savings in time spent on compliance efforts. It also enables organizations to refocus IT personnel on other crucial responsibilities within the organization.”
The new CPC offering integrates with Enforcive’s Cross-Platform Audit (CPA) offering, which provides a centralized and automated management of activity occurring in logs and databases. Enforcive, which is based in Israel and has an office in New Jersey, also offers professional installation services for CPC. For more info, see its website at www.enforcive.com.