ISACA | December 22, 2021
As the year winds down, many audit professionals are shifting their focus to 2022 priorities—including developing dynamic new strategies such as agile auditing, revisiting established technologies from a remote or hybrid working environment perspective, and closing any gaps between compliance expectations and current practices—and how they can enhance their skills to meet the needs of the evolving audit landscape. To meet these needs, ISACA has released three new audit resources—its VPN Security Audit Program, Destination: Agile Auditing white paper, and a new edition of its IT Control Objectives for Sarbanes-Oxley publication.
During the pandemic, the reliance on virtual private networks (VPNs) was heightened as many shifted to working from home—as did the need to manage its risks and implement safeguards. ISACA’s VPN Security Audit Program provides a foundation for auditors to provide assurance around the effectiveness of implemented VPN controls, including pre-audit planning, governance and oversight, implementation and configuration, operations, and maintenance and monitoring, to avoid some of the following risks:
The increase in number of end users combined with extended VPN use may put additional pressure on infrastructure and adversely affect performance.
Failure to detect unauthorized VPN activity may cause denial of service due to excessive traffic or connection attempts.
Lack of alignment of data classification requirements with VPN requirements and configuration may impair compliance initiatives that are reliant on data classification.
During the pandemic, organizations embraced methods to increase agility and efficiency, including by using Agile. Destination: Agile Auditing outlines how audit professionals can incorporate Agile principles into their audit methodologies. Auditors can learn the basics about Agile auditing, its benefits, how Agile complements established assurance standards, how developing competency in Agile can enhance the planning, fieldwork, and reporting phases of an audit. The white paper also includes examples of elements from the Agile tool set, including an Agile road map and Agile audit engagement workflows and illuminates key components like sprints, audit backlog and daily standups.
Internal and external auditors, IT auditors and managers, and financial and operational managers can also ensure they are keeping up with the latest guidance in complying with the Sarbanes-Oxley Act in a new edition of ISACA’s IT Control Objectives for Sarbanes-Oxley publication. This latest edition incorporates updated guidance and standards from the Public Company Accounting Oversight Board (PCAOB) and the American Institute of CPAs (AICPA) and its Auditing Standards Board, with updates including:
Integrating guidance for implementing internal control over financial reporting (ICFR) using COBIT® 2019, for IT and financial management within enterprises and for their internal and external auditors and consultants
Aligning with COBIT 2019 Focus Area: Information & Technology Risk
Providing the mapping of the role of COSO Internal Control – Integrated Framework, 2013 to COBIT 2019
Highlighting technological innovations and their impacts on auditing IT controls.
The audit landscape is constantly shifting as technologies and regulations evolve, making it essential that audit professionals prioritize continuous learning to ensure they are applying the most current and effective audit practices. ISACA is committed to equipping the global audit community with the tools they need to deliver the highest audit standards at their organizations.”
Robin Lyons, IT Audit Professional Practices Lead
For more than 50 years, ISACA has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organizations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organization that leverages the expertise of its more than 150,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including more than 220 chapters worldwide. In 2020, ISACA launched One In Tech, a philanthropic foundation that supports IT education and career pathways for under-resourced, under-represented populations.
Datometry, | May 21, 2022
Datometry, the pioneer of database virtualization, announced today that a leading integrated container logistics company has completed a critical milestone of its data platform modernization with Datometry Hyper-Q. Using the Datometry Hyper-Q virtualization platform – the first to make existing applications fully interoperable with cloud databases without disrupting existing business processes – the company migrated from their on-premises system to Microsoft Azure Synapse in record time.
The logistics company, ranked within the Forbes Global 2000, sought to migrate from its legacy, on-premises data warehouse – which was known for being one of the most complex and sophisticated installations of its kind – to a modern cloud data warehouse (CDW) that is cost effective, highly scalable, and supports the flexibility and speed demanded by its customers' supply chains. The company needed a solution that would enable it to maintain its existing high-volume ETL processes and simultaneously serve a large user community of business analysts and data scientists.
Datometry Hyper-Q uniquely addressed its customer's business objectives, enabling the logistics leader to transfer its existing applications natively to Azure Synapse without costly rewrites of SQL code, at a fraction of the time and risk associated with typical database migrations. The customer saved tens of millions by migrating with Datometry, and its new, fully managed CDW is much more cost-effective to operate than its legacy database. The customer was able to preserve its long-standing investments in ETL, analytics, reporting and BI entirely.
As a global pioneer in ocean and inland shipping, our customer – arguably the worldwide leader in logistics - has long been on the forefront of organizations' ability to meet the needs of businesses - and those businesses' customers - worldwide. An enterprise the size and scope of this customer migrating to the cloud with Datometry and Microsoft so quickly, without the cost and risk of a typical migration, demonstrates how database virtualization can unlock the benefits of the cloud for any organization."
Mike Waas, CEO, Datometry.
Datometry's customer considered a conventional database migration at first, but decided on Datometry for its digital transformation upon determining a conventional migration would take at least five years, cost several tens of millions of dollars, yet present only a 20% chance of success.
Datometry Hyper-Q is used by leading Fortune 500 and Global 2000 enterprises to accelerate cloud modernization and move workloads between data warehouses. The Datometry Hyper-Q virtualization platform eliminates risk-laden, expensive, and time-consuming application rewrites.
Datometry is the global leader in database system virtualization. Datometry empowers enterprises to run their existing applications directly on the cloud database of their choice without the business disruption of costly and risk-laden database migrations and application rewrites. Leading Fortune 500 and Global 2000 enterprises worldwide realize significant cost savings and consistently outpace their competition by using Datometry during this critical period of transformation to cloud-native data management.
VIRTUAL DESKTOP STRATEGIES
Red River | June 16, 2022
Red River, a technology transformation company serving government and enterprise customers, today announced it has achieved the Microsoft Azure Virtual Desktop (formerly Windows Virtual Desktop) advanced specialization, validating the Company’s deep knowledge, experience and expertise in deploying, scaling, and securing virtual desktop infrastructure on Azure.
“Red River continues to invest in its technical capabilities through certifications, specializations and employee development, We are excited to have earned the Azure Virtual Desktop advanced specialization from Microsoft, adding to our portfolio of advanced specializations and validating our ability to leverage Azure technologies to drive positive business and mission outcomes for our customers.”
Jason Waldrop, President of Managed Services at Red River
Supporting secure remote work for employees is more critical than ever. Microsoft Azure Virtual Desktop is a Microsoft solution that seamlessly integrates with other Microsoft products and allows customers to implement virtual desktops in a scalable, secure, and cost-effective way. Partners with validated capabilities in implementing Azure Virtual Desktop can help customers deploy and navigate the licensing efficiencies it offers to deliver the solution that is most efficient for their organization.
About Red River
Red River brings together the ideal combination of talent, partners and products to disrupt the status quo in technology and drive success for business and government in ways previously unattainable. Red River serves organizations well beyond traditional technology integration, bringing more than 25 years of experience and mission-critical expertise in security, networking, data center, collaboration, mobility and cloud solutions.
Absolute Software | February 04, 2022
Absolute Software, a leader in self-healing Zero Trust solutions, announced the company’s secure access product, NetMotion Mobility 12.14, has achieved Common Criteria Evaluation Assurance Level (EAL) 4+ – the highest certification level recognized internationally under the Common Criteria program for software products. Absolute is the only network solutions provider to achieve this certification across Android, iOS, macOS, and Windows for its Virtual Private Network (VPN) technology.
The certification demonstrates that NetMotion Mobility continues to meet the highest level of security requirements and satisfies the complex security needs of national and enterprise customers. Achieving Common Criteria EAL4+ certification, which is considered the gold standard for government-grade security, reaffirms Absolute’s commitment to delivering products that meet or exceed stringent international security standards.
Absolute’s secure access solutions are designed specially for the remote workforce, enabling resilient connectivity to mission-critical mobile applications and data. Absolute is the only provider to offer Resilient Zero Trust Network Access (ZTNA) alongside a VPN solution, enabling organizations to leverage the same secure tunnel to gradually adopt ZTNA while also retaining an enterprise VPN to be used when needed.
Our secure access products enable thousands of organizations worldwide – including public safety agencies, governments, and enterprises – to provide remote access through VPN and ZTNA in a way that actively improves the employee experience, and assures maximum security and uncompromised productivity. With the number and severity of threats posed by careless or malicious insiders, cyber criminals, and nation-state actors at an all-time high, we believe our continued investment in this evaluation and certification process is critical to being a leading, trusted security provider.”
John Herrema, Executive Vice President of Product and Strategy at Absolute
Common Criteria (ISO 15408) is regarded as an international benchmark for IT product security certification and is mutually recognized by 31 member countries in the Common Criteria Recognition Arrangement (CCRA), including Australia, Canada, France, Germany, Italy, Japan, Spain, Sweden, the United Kingdom, and the United States. The Common Criteria is a framework that provides assurance that the process of specification, implementation and evaluation of a computer security solution has been conducted in a rigorous, standard, achievable, repeatable, and testable manner at a level that is commensurate with the target environment for use.
About Absolute Software
Absolute Software accelerates customers’ shift to work-from-anywhere through the industry’s first self-healing Zero Trust platform, helping to ensure maximum security and uncompromised productivity. Absolute is the only solution embedded in more than half a billion devices, offering a permanent digital connection that intelligently and dynamically applies visibility, control and self-healing capabilities to endpoints, applications, and network access to help ensure their cyber resilience tailored for distributed workforces. Trusted by nearly 16,000 customers, G2 recognized Absolute as a leader in Zero Trust Networking in the Fall of 2021.