Compliance, Schmliance

It seems like the whole email security industry has bolted on a "compliance" piece to anti-spam/anti-virus offerings. Variously, they promise to instantly protect you against infringing regulations such as HIPAA and Sarbanes-Oxley. They almost make it sound like magic.

Of course, life’s not quite that simple. The catch is that interpretations of the various regulations vary, and there’s little or no case law to help guide the legal profession. When organizations ask their legal counsel what they should do, they often get answers that are so carefully couched with ifs-and-buts-and-disclaimers to actually mean very little in practice.

It would be too cynical to say that the best argument for implementing today’s compliance products is to be seen to be doing something about compliance. However, if it’s alleged that you’ve fallen foul of a regulation, the act of implementing a packaged compliance product helps show that you’ve not been negligent. The bottom line is that compliance is a good thing for your business, and such regulations encourage organizations to do the right thing by automating best practices.

Richi Jennings, with thanks to Peter Robinson of Bell Security Solutions, Sue Abu-Hakima of Entrust, and Howard Price of Symantec

Post a comment

You must be logged in to post a comment. To comment, first join our community.