Intelligent data center cabling and Sarbanes-Oxley

What benefits, if any, would a end-to-end intelligent cabling solution for data center connectivity provide to companies with regards to Sarbanes-Oxley?

    Requires Free Membership to View

    Login

First, let me state categorically that I am not an expert on Sarbanes-Oxley compliance. I am aware of the demands and costs it has put onto IT departments in terms of record retention and audit trails, but, to my understanding, this is all an outgrowth of the SOX regulations with regard to audit accountability.

That having been said (and assuming my one-sentence summary is not overly simplified as relates to this question), I would have to say that the answer depends heavily on three things: the type of business you are in; the physical vulnerability of your cable plant; and the opinion of your compliance officer. Let me elaborate on my thinking, since I don't think there is an "absolute" answer to this.

I presume when you say "intelligent cabling solution" you are referring to one of the cable/connector manufacturers using something like an "iTRACS" type patch tracking approach. The potential advantage I see would be the ability to demonstrate to an auditor that no "confidential" information has been routed to an unauthorized user by means of inappropriate patching. If you are in a business where that kind of thing might be of concern and your physical security at patch points could be compromised (like you're sharing IDF rooms with other services) and someone might call this into question, then such a solution might make you look really good one day when the auditors come to call. Good audit trails, after all, seem to be one of the tenets of SOX compliance. There are a number of other potential IT management advantages to intelligent patching, along with the bothersome aspect of the special patch cables. But from the SOX standpoint, I think this is a decision that should be reached jointly between IT and Compliance after a thorough discussion of any physical vulnerabilities that exist, and the factors that prevent addressing them in any other way.

It might also be of interest to note that Belden has recently announced a patching solution that both color-codes and "keys" six different LC-type fiber jack versions so that one color cannot be patched into another. This won't do much for the station cable, which is still mostly UTP, but if you are dealing with a sufficiently high level of data security to justify separate switches for restricted network segments, this could help protect the optical side of your network from cross-patching as well.

This was first published in November 2005

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top