Government and legislators are starting to react to growing concerns by the public on how companies handle and protect information and how security breaches can affect customers and consumers.
Several new laws and regulations require companies to comply with standards for data handling, data protection, event logging, unauthorized access disclosure, etc.
Companies in the pharmaceutical industry, for example, may be required to keep detailed records of events in their computer systems used to develop new drugs. Financial service companies are being required to better protect customer data privacy. Publicly traded companies may be required to adhere to a minimum set of information security measures due to public security concerns.
While regulatory compliance should not be the main driver for the design and implementation of a comprehensive security policy, they may affect it by adding new requirements for the data center infrastructure.
New company-wide policies might, for example, ban the transmission of user name/passwords in clear text form, thereby prohibiting any OOBI product without SSH support. Centralization of user information may impose the need for LDAP-based authentication support in all networking equipment.
In order to track events in the network infrastructure, it may be necessary to keep a log of all console messages produced by servers and network equipment. This task would require the use of console servers and logging engines even in situations when OOBI administration was not previously justified.
Before starting the design or deployment of new OOBI systems, consult the teams managing security and handling regulatory compliance in your organization. There may be requirements that affect your product selection and architectural design.