IDC: 'Users, Do Your Homework'

Sarbanes-Oxley (SOX) compliance is set to be a major cash cow for vendors, but users shouldn't fall for slick marketing when it comes to compliance, warns analyst firm IDC.

Today alone, Trusted Edge, Inc., Solutionary Inc., and Procera Networks Inc. all unveiled offerings designed to take the regulatory strain off data centers (see Trusted Edge, CSG Team on Compliance, ActiveGuard Enforces Compliance, and Procera Unveils Compliance Appliance).

In many respects, it is still early days for SOX compliance. Although the deadline has already kicked in for Americas largest firms, last week the Securities and Exchange Commission (SEC) threw a lifeline to what are known as non-accelerated filers (firms with a market cap of less than $75 million). These businesses must now comply for their first fiscal year ending on or after July 15, 2006, a one-year extension on the previous deadline (see SEC Extends Sarbanes Compliance).

But, with the deadline extension, Kathy Wilhide, director of compliance solutions at IDC, is urging firms to do more than just read labels on technology aimed at SOX compliance. She says enterprises ought to evaluate how a vendor has done with other SOX situations before committing hard dollars. "The value proposition isn't going to come from the vendors, it will come from the real world," she says.

Given that businesses with a $75 million-plus market cap have been working to a much earlier compliance schedule, there should be plenty of opportunity to study the technologies they've deployed.But this will also influence how vendors sell their compliance products, says Wilhide. Increasingly, they should look to provide customer references that can show their technology’s value proposition.

Which technology (or combination of technologies) businesses choose will depend on their specific circumstances and standing IT setups. Managed services could be a good choice for companies with limited IT resources, but compliance software, for others, could be the final piece in the data center jigsaw. Much will depend on whether a company possesses the requisite skills in-house to support the technology.

The third option, as espoused by the likes of Procera, LogLogic Inc., and Network Intelligence Corp. is to deploy a device within your data center to deal with compliance issues.

Appliances are being touted as a good option for firms lacking the resources to deploy and support specialist software across their servers. The thinking is that appliances, for many users, are both easier to set up and support. Additionally, the devices could also help firms estimate their compliance costs (see LogLogic's Compliance Appliance).

— James Rogers, Site Editor, Next-Gen Data Center Forum0