Case Study: “SOX too ambiguous” Complains Large Equity Firm

By Lex van den Berghe, LogLogic Customer Evangelist

LogLogic’s customers and their stories are the lifeblood of my job, and I never tire of their real-world tales from ‘the trenches.’ Case in point: I recently sat down with a LogLogic customer, one of the largest equity firms in the world, to discuss Sarbanes-Oxley (SOX) and database security.

As you can well imagine, companies in financial services are deliciously tempting targets for hackers, so federal regulations like SOX aim to create guidelines that will keep databases secure. This customer told me that current regulations like SOX are ambiguous and difficult to understand, and that you could ask ten different experts a question about SOX and actually receive ten different answers. “The intent is good, but the execution is poor,” they said. In particular, small businesses that lack resources will find it very difficult to achieve compliance.

Adding to the challenge is the fact that regulations like SOX are a moving target: you might pass an audit today, but next year, with a different auditor, you might fail. Different auditors have different standards and different interpretations of the ambiguous regulations.

Of course, SOX is not all bad. Our customer noted that one of SOX’s up-sides is the requirement that breached companies must notify the people affected. This helps to educate the public and keep companies honest. In addition, the risk of public embarrassment compels companies to spend more money on security than they otherwise would. This increased focus on security helps to prevent data breaches from occurring.

This global equity firm maintains four separate data centers with operations in 20 different countries, and they use LogLogic’s log management and security event management products. SOX compliance was the primary driver that prompted them to approach us. When they were evaluating solutions, one of their top priorities was the ability to create detailed reports.

They told us, “Most solutions we looked at seemed to have just slapped on reporting as an afterthought. LogLogic’s in-depth, customizable reports have given us unprecedented insight into changes in our infrastructure and help us to demonstrate compliance.” This unsolicited assessment of our reporting capabilities is something I hear echoed by nearly every customer I have the pleasure of chatting with.

We place great value on the feedback we receive from our customers, especially when it helps us improve our solutions or provides us with tips and insights that we can share with our customer base worldwide. I’m currently in the process of talking with a number of our financial services clients about industry challenges and best practices. Check back for more customer mini case studies and stay tuned for a report of our findings…

Got a cool LogLogic story? Send it to me at Lex.vandenberghe@loglogic.com