Cloakware's Sarbanes-Oxley Compliance Position Paper Raises Red Flag on Administrator and Application Password Management

Business Wire, Dec 20, 2006

"Raising the Security Bar: Cloakware's Contribution to Sarbanes-Oxley Compliance" Addresses Insider Threat Presented by Unattended Passwords

VIENNA, Va. -- Cloakware Inc., the world's leading provider of products and services to protect digital assets, today announced the availability of a new position paper, Raising the Security Bar: Cloakware's Contribution to Sarbanes-Oxley Compliance.

The free paper provides assessment benchmarks to help readers determine if their organizations' current password management controls are adequate and also tackles the challenges of complying with key sections of the Sarbanes-Oxley (SOX) legislation, which are complex in nature for any IT organization to address.

SOX legislation outlines the controls that need to be in place to protect an organizations' financial reporting process. However, one of the most overlooked weaknesses of any IT system is the thousands of unmanaged, clear text passwords used by scripts and applications within the data center. This is a threat hiding in plain sight that puts all of the collected data that is the foundation of any organization's financial and business reporting at risk.

In today's environment of increased accountability, the ability to deliver both preventive and detective controls that contribute to SOX compliance is critical.

Cloakware's position paper addresses these issues by posing questions to:

-- Help determine how agile current password management procedures
   are, such as:
    -- How often are database passwords changed?
    -- Who has access to the passwords?
    -- On which occasions are passwords updated?
-- Bring to light possible SOX-related audit issues, such as:
    -- Do you use shared administrative accounts across your servers?
    -- If using either shared or unique administrative IDs, are
       the passwords unique?
    -- Can you definitively report which applications are permitted to
       connect with other applications, and the criteria under which
       connections are allowed?

One of the key findings of this position paper is that while Sarbanes-Oxley compliance demands far-reaching changes to the processes, practices and behaviors used to control financial data environments, many organizations still neglect the critical task of managing the passwords used within the data center by administrators and applications. This creates a significant weakness in IT controls for financial reporting.

"With federal legislation placing increased pressure on corporations to comply with mandated standards in the financial reporting process, the need to protect critical digital assets will not subside any time soon," said Alec Main, Cloakware's CTO. "Cloakware developed this position paper as a tool to help companies prepare a plan of action. Our goal is to serve as a complete resource for those turning their attention to the challenge of password management controls and to equip them to meet current mandates as well as evolving requirements."

To download Raising the Security Bar: Cloakware's Contribution to Sarbanes-Oxley Compliance, visit the Cloakware web site at http://www.cloakware.com/whitepapers/121806/.> About Cloakware

Cloakware is the world's leading provider of products and services to protect digital assets. The company's software protection and anti-tamper solutions protect software, media, passwords and data from piracy and unauthorized access and use. Cloakware solutions are on hundreds of millions of devices, protecting the assets of some of the world's largest, most recognizable and technologically advanced companies. Cloakware's integrated software protection makes security inseparable from software. Partnering with Microsoft and in collaboration with Intel, Cloakware helps consumer electronics and Fortune 1000 companies and Federal agencies all benefit from reduced development costs, improved time to market and mitigated risks. The company is headquartered in Vienna, VA, and has offices in Ottawa, Canada and the UK, and regional sales offices throughout the US.

COPYRIGHT 2006 Business Wire

COPYRIGHT 2008 Gale, Cengage Learning