Several years into an era of strict corporate-governance laws — most notably Sarbanes-Oxley and HIPAA — companies across a wide spectrum are still struggling to find their footing as they try to establish viable compliance frameworks. Despite the billions of dollars spent on such efforts, the consensus among experts in the field is that 100 percent compliance is "fundamentally impossible," according to Gartner analyst Robert Handler. That reality is ratcheting up questions about risk and vulnerability, leaving some industry insiders aghast at the head-in-the-sand mentality that persists within the IT sector. It's also leading those who are tasked with bringing their organizations into compliance to ask: If we can only do so much, what should that "so much" be?