Guide to Network Auditing and Compliance

Key issues to consider before buying into network auditing, compliance tools

Not all network audit and compliance technologies are created equal. IT organizations should consider a few criteria before investing in a tool.

Agent-based vs. agent-less: As with most management products, compliance management tools may require an agent on or near the environment being monitored. Depending on the budget and labor allocated GRC, IT executives should determine if agent-based or agent-less technologies are a better fit for their environment.

Third-party system support: Most GRC tools must collect data across multiple network devices and systems to learn and maintain the compliance profile of the environment. Check with vendors to see if they have hooks into specific infrastructure or application environments and ask how much integration work will need to be done upfront to start managing compliance.

Best practice framework intelligence: IT organizations embarking on compliance efforts can sync up those efforts with IT process improvement initiatives already under way. For instance, if a company is tackling ITIL, COBIT, Six Sigma or Capability Maturity Model, IT executives should ask potential GRC vendors if they have incorporated any of that process expertise into their products.

Vertical industry alignment: Depending on the nature of the business, tools designed to address regulations in financial services, manufacturing, retail or other industries can help IT shops get up-to-speed faster on what is required for compliance. Some vendors also focus on multiple regulations required for specific industries, which can help IT executives tackle these with one tool.

Regulatory requirement insight: In the same vein of industry alignment, companies looking to comply with one regulatory requirement, such as SOX, can turn to vendors specializing in that area. Such tools can report on the environment and data collected from it in the format auditors require for specific regulations.