BladeLogic

Products

Operations Manager

Compliance Manager

Even the best run data centers cannot systematically enforce policies. While servers may be initially provisioned to match a security or organizational policy, their configurations inevitably drift over time due to continual configuration changes driven by business demands. Regulatory compliance (e.g., SOX, GLBA, SAS 70, HIPAA, FISMA, PCI, etc.) poses even greater challenges.

Today, IT compliance measurement is a manual process that requires domain experts to implement security and regulatory risk management policies. Risk management policies set standards for security, configuration, and change control processes, attempting to ensure that all access controls are set correctly and that all changes are audited on a regular basis. From a compliance enforcement perspective it is a very laborious and time-consuming process. Add to this, the pressure of demonstrating existence of appropriate IT Controls from a regulatory requirements perspective.

IT Compliance therefore has to automate itself to address all three requirements of:

• Compliance Measurement
• Compliance Enforcement
• Controls Reporting

BladeLogic customers have lowered their operating costs by using Compliance Manager to automate:

• Vendor-driven vulnerability analysis and patch deployment
• Compliance Enforcement – The creation of security, regulatory, and corporate compliance policies. These policies can be based on best practices, vendor recommendations or IT governance control frameworks like COBIT
• Reporting on live and historical compliance based on the aforementioned policies
• The generation and deployment of remediation instructions for each policy
• Establishment, enforcement, and reporting on access controls to specific servers and configurations in the environment