All the same, I get the sense that enterprises are shooting in the dark when it comes to demonstrating compliance or heading off an audit. The most common statement I heard at Interop was that users think regulators want to see consistent, detailed logs. Fair enough. Is that for both the ERP servers that handle orders and inventory and generate invoices, and for the email servers that deliver them? One retailer I talked to said email servers aren't material because they're more of a pipe than an actual system that requires monitoring.
While I find the logic there a bit dubious, I guess as long as it's consistently applied, it works. I suppose it's about as logical as this statement from the real estate agent who sold me my first house: "The IRS targets schoolteachers and clergy for auditing because they know they'll talk about them publicly and discourage others who might be tempted to cheat on their taxes," said the realtor (and former teacher).
Suburban legend or grounded in fact? Who knows. But it strikes me that data center professionals (and plenty of storage vendors) are on pins and needles, wondering where auditors and regulators are going to draw a line, any line. So-called experts like to point to the $15 million fine Morgan Stanley drew for its inability to produce archived emails in a timely manner. (See A Fine Mess.)
Was this the Martha Stewart case of storage compliance? It was headline getting; and to my realtor's point, it certainly got people talking. Was it the last big case? No, especially if privately-held companies get to join in the compliance fun.
Terry Sweeney, Editor in Chief, Byte and Switch
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
There are many network courses that can address your present job's priorities and help you gain the needed skills to keep pace with industry changes and new technologies.
