Sarbanes-Oxley Act (SOX)
The Public Company Reform and Investor Protection Act of 2002, also known as the Sarbanes-Oxley Act (SOX), is today a top priority among US public companies. In response to allegations of dubious financial accounting practices culminating in major corporate scandals, SOX was implemented to establish good corporate governance and to restore confidence in the US public markets. Section 404 of SOX requires top management to establish an adequate internal control structure and include an assessment of its effectiveness in the annual report. Additionally, an external auditor needs to verify the management assertions. For accelerated filers, Section 404 became effective for fiscal years ending on or after November 15, 2004, while all other public companies were affected for the fiscal year ending on or after July 15, 2005.
The SSH Tectia solution helps public companies implement technical control objectives related to systems security as a part of the SOX Section 404 compliance directive. By incorporating confidentiality, integrity, and authentication as security services within the corporate network, the SSH Tectia security platform enhances financial reporting reliability by preventing illegitimate modification of financial data, or unauthorized access to accounting information. Strong user authentication, optionally based on smart cards or other hardware tokens, ensures that authorization decisions are based on the true identities of users, which eliminates the risk of unauthorized data access.
The SSH Tectia solution protects business-critical applications by providing a transparent security layer for networked applications, encrypting data traffic end-to-end between a workstation and a server, or between servers. Business application protection offers security against common network attacks by providing a trusted path for critical information, including financial reporting data, while it travels in the corporate network.
All these security controls can be implemented without the need to re-engineer or modify the original business applications, configurations, scripts or the end-user experience, resulting in a completely transparent security solution that can be deployed cost-effectively with minimal engineering or retraining costs.
Secure remote administration allows system administrators to manage servers in large and heterogeneous network environments. Various system administration operations, such as software installation, often require high system privileges allowing broad access to different types of data.
Centralized management and auditing capabilities enable organizations to implement effective auditing and control practices that include system administration operations. Server access log data is centrally stored in the management system database, facilitating reliable auditing of access and authentication data on an ongoing basis. Additionally, all administrator sessions can be recorded for auditing and troubleshooting purposes.
