Looking over the Customer Spotlight section of this issue of the newsletter, I am reminded of how many large enterprises are implementing Sun identity management solutions today. Most interestingly, global corporations such as GE and others are increasingly relying on Sun solutions as a resource for compliance. I think what makes Sun identity management attractive to large organizations that are tackling compliance challenges is the way our approach enables them to transform and master that challenge.

What I mean by that is that instead of viewing compliance in terms of the need to respond to auditor demands, we see it as an ongoing part of everyday business — even an opportunity to improve everyday business. Our customers don't look at compliance as an expensive interruption that takes them away from their core work; with the technologies and processes in place to constantly be in demonstrable compliance, they don't have to. For them, it's never a question of getting there, it's a matter of being there.

Facing the Reality of the Challenge

When I think about the way large organizations typically approach compliance, I realize that many of them don't understand the ongoing scope and pervasiveness of it. I think most see it as a demand being suddenly imposed on their business from the outside, and also as a demand that it falls largely on Operations and Finance to address. Here's how they tend to respond to scheduled audits and other compliance-related demands as a result: They throw as many operational and economic resources at them as possible within the given timeframe to meet the immediate goal, and then, once it's passed, they breathe a deep sigh of relief and go back to business as usual until the next crisis comes along. The problem is, in an era when regulatory pressures are ratcheted up higher than ever, there will always be a next crisis. There is no end to the journey; it's ongoing, every day.

Redefining the Scope of the Response

So what's the alternative? Sun's approach comes from the understanding that compliance is not a one-time hit to Operations and Finance. Rather, it's a continuing requirement that affects everyone in the organization. In fact, it's not uncommon these days for someone in marketing or some other seemingly unaffected department to have to sign off on, for example, Sarbanes-Oxley-related paperwork. Compliance is everywhere, all the time, and the sooner organizations recognize that and — I'll even go so far as to say — embrace it, the sooner they can start dealing with it in a way that benefits rather than taxes them.

I like to explain what I mean through an analogy about the seat belt in my car. In the years before widespread mandatory seat belt use, I simply didn't wear one. A lot of people didn't. Then when my state passed a law requiring me to wear one, I grumbled about it for a time. I saw it as this imposition from outside on my ability to get where I was going with a minimum of trouble. Eventually, though, I began to see it differently.

The seat belt wasn't interfering with my driving; it was actually enabling me to move forward more safely and confidently, by reducing my risk of injury or property damage. Eventually, it just became an everyday, automatic part of the trip. That's how it is with compliance: You can grumble about it and see it as an obstacle to moving your business forward, or you can begin to understand the potential for business improvement that it offers and set about fulfilling that.

Embracing the Opportunities

What exactly are the opportunities for improvement that compliance brings? Where exactly is that silver lining I keep seeing? I think that by forcing businesses to look closely at the policies and procedures surrounding issues such as data security and privacy, compliance is associated with opportunities to gain customer trust and loyalty, to strengthen business relationships, and to build the extended partnerships that are increasingly necessary to offer new revenue-driving products and services to customers.

By helping companies address security issues effectively, identity management not only enables them to achieve compliance, it also allows them to take advantage of these opportunities. But for all of this to play out, achieving compliance has to be an integral part of doing business — just as wearing my seat belt has become an integral part of my driving.

Automating for Sustainability

The key to making compliance a sustainable and integral part of business, as our customers are doing, is to automate the processes associated with it and implement them as a set of best practices within the organization. The reality today is that many companies today still use labor-intensive, error-prone, costly manual processes when they are challenged to provide data for an audit or otherwise participate in compliance-related activities.

The alternative is to automate, in an ongoing way, the collection of evidence of compliance and other activities associated with auditing. This is what Sun identity management does, by automating ongoing security policy enforcement, auditing, and reporting. Then, when an audit comes along, the evidence of compliance is right there, having been addressed every day as just a normal part of doing business. Automation makes it manageable to do this, as well as cost-effective. If I may be allowed to indulge my seat-belt metaphor one more time, if I get sideswiped while I'm out there driving, my seat belt is right there to provide the protection I need to make sure I'm at the least possible risk of being hurt.

Compliance is a challenge that's not going anyway anytime soon. If anything, it's likely to become a greater factor, as more regulations are passed in the wake of news about everything from identity theft to misstated financials. Our large customers have come around to understanding that the best way to address this is to find ways to make it easier and more cost-effective to meet the demands of compliance — and to treat these demands as opportunities for business improvement. That's what Sun identity management is helping them do.