Sarbanes-Oxley (SOX) compliance like other compliance regulations requires a company, some kind of process to manage IT infrastructure, either manually or in automated manner. The ideal process for meeting compliance regulations posed by SOX is through process automation. With SOX compliance, companies would no longer be able to go ahead by managing IT infrastructure in ad-hoc manner.

An automated and effective change and configuration management software must have features which could deliver all the requirements posed by SOX compliance. Following are requirements (SOX Section 404) vs features to be present in such product managing change and configuration:

• Company-level control including corporate governance, enterprise policies, and information sharing: The change management product should provide answers to all of the following:
  
  1. Who is owner of what IT infrastructure?
  2. Who is responsible for change?
  3. Who could change the configuration?
  4. How many change has occured?
  5. Are all best practices met?
  
  

• Application control for ERP/financial systems and other specialized applications covering areas such as validation, accuracy, authorization etc: The configuration change management product should be able to do the following:
  
  1. Are all softwares up-to-date?
     
  2. Have any licences expired?
     
  3. What IT infrastructure do I have?
  4. Are best practices enforced and met?
  
  

• IT general control: The change, configuration management software must be able to provide following features:
  
  1. How many change have occured over last scheduled time?
  2. Knowledge of controlled access of computer programs?
  3. What configuration must not be subjected to change?

Before you boil down to a product managing change and configuration, note down the following two points:

• That change detection is a key feature.


• That the rule compliance, rule enforcement is the key feature.

Both the above features are very essential to managing configuration of any distributed applicat ion. Automation is one thing that you should also watch out for. If you get the change tracking and rule enforcement done without much intervention, nothing like managing configuration in automated manner.

Companies using wireless network could no more afford to take the wireless network infrastructure configuration management, the easy way. Why? Very simple. It is the compliance regulations such as SOX, HIPPA posed on such companies which would force them to give top attention to wireless network security and the associated strategy related to managing of change and configuration data.

Any and every change in wireless-enabled application's configuration needs to be carefully monitored and acounted for. And all kinds of change should be properly audited by concerned IT staff before allowing the change of any type in any configuration to be accepted universally.

SOX stands for Sarbanes-Oxley Act and HIPPA stands for Health Insurance Portability and Accountability Act.

Simply speaking, companies using wireless-enabled applications would definitely need a product to track change and configuration. Failing to meet compliance regulations posed by SOX and HIPPA could pose stiff and legal penalties on these companies. These company would have to definitely look out for a vendor offering software based on change and configuration management.

Following are the most important points that a company would like to take care of:

• All user devices must be tested and certified by the IT staff prior to being connected to the wireless network. This demands the change management software to track and record any change made in any device. Change detection is the key.


• All wireless-enabled applications must pass security and
  performance requirements prior to being deployed. This requires the change and configuration management product to manage all the change in important configuration parameters/data related to the application.


• All wireless-enabled applications must have a designated owner. The product must track the owner through auditing reports. Thus, any software claiming to manage change and configuration data should and must provide nice reports.

Wireless security & compliance regulations & Change & configuration management

Big brothers such as CA, IBM, HP are waiting and watching in order to acquire a product related to change and configuration management. This is so surprising to see that there are no acquisitions in this space. And, one thing is sure that big brothers won't be interested in reinventing the wheel. They are waiting for market leader to emerge. So, they would definitely acquire one of the leaders in products dealing with managing of change and configuration of the system. Only time would tell who would be acquired by whom?

Following are three companies who has just entered in some kind of partnership relationship with IBM Tivoli:

• Cendura Corp. (Cohesion)


• Relicore Inc. (Clarity)


• Collation Corp. (Confignia)
  

Is IBM targetting one of the above companies for acquisition of products related to managing change and configuration? God knows! And, how about Computer Associates and HP? But, big brothers would absolutely do everything to eat big chunk of cake having top layer cream of change and configuration :) and be a leader in the space related to managing of  of change  ;and configuration. Lets wait and watch the market space dealing with change and configuration product!

BMC Remedy delivers Change and configuration management(CCM) solution to manage change and control on IT infrastructure. The CCM solutions acheives the management of following recommended by ITIL standards for ITSM:

• Change Detection


• Release


• Configuration

The CCM solution does the following tasks:

1. Identify - Discover the IT environment


2. Respond - to the needs of changing business and IT requirements.


3. Control - Enforce the rules to control all business critical configurations in the IT environment.

The CCM consists of following three modules:

1. Process-based Change detection solutions


2. Policy-based Configuration Automation solutions


3. Business-aware Discovery and Detection solutions

The CCM solution takes advantage of a common source of information in a CMDB. Read more on change and configuration management.

• Discovery


• Rule compliance


• Change detection


• Configuration


• Auditing using reports


• Dependency visualization mapping

• Agentless application discovery


• Imporved business alignment


• Reporting by association of business attributes


• Change detection dashboards


• Import and export capabilities

Cohesion basically deals with change detection. It uses change detection for control and troubleshooting. It manages configuration for softwares and hardwares and helps in troubleshooting if somebody change one of the configuration parameters. Let us see how Cohesion 3.5 performs as change and configuration management product in the market? Best of luck!:)

• Install and play around with it to understand the value that would be added to your business.


• Check the related security issues. Is it agent-less or agent-based product? Understand the cost and time involved in deploying the product in the data centre.


• Select agentless one if you do not want it to be intrusive. However, if you want deep knowledge about your environment, you could as well go for agent-based.


• Ensure that it is vendor independent. It should also provide you with the flexibility in managing softwares, hardwares and networking devices.


• Check if configuration management is provided for a wide scope of configurations.


• Check if rule compliance engine is provided using which you could enforce rules on certain important configuration parameters.


• Check if the reporting infrastructure is provided using which you could do the audit of IT infrastructure. Periodic auditing of configuration parameters should be possible.


• Check the intuitive nature and has well defined work-flow.


• Check if the change detection engine is provided. Change of configuration parameters over a period of time should be detected and recorded.