Is Sarbanes-Oxley Evil?

November 5th, 2008 by Agent Smith, in Laws & Standards, endpoint security

TechCrunch definitely seems to think so. So what’s Sarbanes-Oxley? Also known as the Public Company Accounting Reform and Investor Protection Act of 2002, SOX or Sarbox, it was enacted on July 30, 2002. Its purpose was to prevent major disasters such as Enron or WorldCom. Through its stipulations it also enforces some specific requirements on security policies, so most endpoint security solutions try to help cover this aspect, some better than others.

While complying with SOX is mandatory in the US, it also works as a marketing tool for endpoint security solutions in other markets. This positioning, as compliant with legal requirements and international standards, helps developers sell their products easily.

So what’s wrong with SOX? According to TechCrunch, all the flaws relate to business strategy rather than to security policies. The main problem is that SOX affects the way companies can prepare and hold their initial public offering (IPO), which causes them to turn either to mergers instead of IPOs or to getting listed on foreign stock exchanges. They can always wait for 12 years to get listed or give up the idea of going public entirely. All this is because of huge compliance costs that most businesses can’t really afford.

It would be interesting to see whether other voices will rise against SOX and how it will be changed in the future, business-wise and security-wise.
