SARBANES OXLEY (SOX) ACT
COMPLIANCE REQUIREMENTS

Vormetric Data Security Solutions

Sarbanes Oxley Act (SOX) and Compliance Requirements for Protecting Data-at-Rest

The Sarbanes-Oxley Act of 2002 (SOX) is a United States federal law, enacted on 30 July 2002, that sets standards for all US public company boards, management and public accounting firms. The primary sections of the SOX Act that concern protecting data are sections 302 and 404.

Data protection compliance requirements in both SOX Act sections 302 and 404 are most concerned with the accuracy and content of required financial reports.

Sarbanes-Oxley Act section 404 has two major compliance requirements:

  • Management is accountable for establishing and maintaining internal controls and procedures that enable accurate financial reporting, and assessing this posture every fiscal year in an internal control report.
  • Public accounting firms that prepare or issue yearly audits must attest to, and report on, this yearly assessment by management.

Sarbanes-Oxley Act section 302 expands this with compliance requirements to:

  • List all deficiencies in internal controls and information, as well as report any fraud involving internal employees.
  • Detail significant changes in internal controls, or factors that could have a negative impact on internal controls.

But what does this mean in terms of SOX compliance requirements to protect data for public companies?

  • Any financial information needs to be safeguarded, and its integrity assured.
  • Specific internal security controls that protect this data need to be identified, auditing must take place, and this security posture must be re-assessed every year, including any changes or deficiencies that result from changing conditions.

Vormetric provides key portions of the solution to Sarbanes-Oxley compliance problems, with security controls that enable organizations to safeguard and audit the integrity of financial data across widespread heterogeneous infrastructures. These include virtualized environments, cloud implementations and big data usage as well as traditional data centers, and the controls protect against a broad range of threats to data.

The combination of encryption, integrated key management and access controls meets the need to create and maintain access controls for financial data. Only authorized personnel and programs see decrypted information, while all others have no access to the data. Security intelligence information from Vormetric details who accesses data, leaving a clear audit trail. When combined with a SIEM or Big Data for security implementation, it also enables the extended security controls warranted by today’s threat environment for recognizing compromised accounts.

Vormetric Transparent Encryption provides file and volume level data-at-rest encryption and integrated, secure key management with a best practices implementation. Access controls and data access monitoring extend protection from data breaches by limiting data access to authorized personnel and programs only, and provide the security intelligence information required to identify accounts that may represent a threat because of a malicious insider or a compromise of account credentials by malware.

Vormetric Application Encryption adds another layer of protection, enabling organizations to easily build encryption capabilities into internal applications at the field and column level.

Vormetric Key Management enables centralized management of encryption keys for other environments and devices including KMIP compatible hardware, Oracle and SQL Server TDE master keys and digital certificates.

This single platform solution to multiple data protection needs helps organizations meet Sarbanes-Oxley compliance requirements with low TCO and an easy-to-deploy, centrally managed infrastructure and solution set.


CUSTOMER QUOTE

"We are a rapidly expanding and dynamic business, and the flexibility Vormetric provides is crucial to the bank: It’s a solution that grows with us and allows us to securely maintain our data at all times"

Daryl Belfry
Director of IT
TAB Bank
