Sarbanes-Oxley (SOX) Act Data-at-Rest Security Compliance

Thales assists in data security compliance with Sarbanes Oxley Act that regulates financial reporting and auditing of publicly traded companies

Americas Map


Active now


Sections 302 and 304 of the Sarbanes-Oxley (SOX) Act sets standards related to data protection, applying to US public companies and accounting firms.

Thales eSecurity can help organizations meet Sarbanes-Oxley (SOX) compliance requirements through:

  • Encryption and key management;
  • Access controls;
  • Security intelligence.
Sarbanes-Oxley Act: Section 404

Sarbanes-Oxley Act section 404 has two major compliance requirements:

  • Management is accountable for establishing and maintaining internal controls and procedures that enable accurate financial reporting, and assessing this posture every fiscal year in an internal control report.
  • Public accounting firms that prepare or issue yearly audits must attest to, and report on, this yearly assessment by management.
Sarbanes-Oxley Act: Section 302

Sarbanes-Oxley Act section 302 expands this with compliance requirements to:

  • List all deficiencies in internal controls and information, as well as report any fraud involving internal employees.
  • Detail significant changes in internal controls, or factors that could have a negative impact on internal controls.

The SOX compliance requirement implications for public companies to protect data are:

  • Any financial information needs to be safeguarded, and its integrity assured.
  • Specific internal security controls need to be identified that protect this data, auditing must take place, and this security posture re-assessed every year – including any changes or deficiencies as a result of changing conditions.
The Vormetric Data Security Platform from Thales

Thales provides key portions of the solution to Sarbanes-Oxley (SOX) compliance problems, providing security controls that enable organizations to safeguard and audit the integrity of financial data across widespread heterogeneous infrastructures. These portions of SOX compliance solutions include virtualized environments and cloud implementations, with big data usage as well as within traditional data centers against a broad range of threats against data.

An Integrated Thales Solution that Addresses Multiple Needs

The combination of encryption, integrated key management and access controls meets the needs for creating and maintaining access controls to financial data. Only authorized personnel and programs see decrypted information, while all others have no access to the data. Security intelligence information from Thales details who accesses data, leaving a clear audit trail. This enables extended security controls for recognizing compromised accounts. This single platform solution to multiple data protection needs helps organizations meet Sarbanes-Oxley compliance requirements with low TCO and an easy-to-deploy, centrally managed infrastructure and solution set.

SafeNet Multi-Factor Authentication

Thales’ SafeNet multi-factor authentication secures access to corporate networks, protecting the identities of users, and ensuring that a user is who he or she claims to be.

Vormetric Transparent Encryption

Vormetric Transparent Encryption from Thales provides file and volume level data-at-rest encryption and integrated, secure key management with a best practices implementation. Access controls extend protection from data breaches by limiting data access to only authorized personnel and programs. And data access monitoring provides the security intelligence information required to identify accounts that may represent a threat because of a malicious insider, or a compromise of account credentials by malware.

SafeNet High-Speed Encryptors

SafeNet FIPS-certified network encryption devices from Thales offer proven high-assurance network security for your sensitive data in motion, including real-time video and voice.

Vormetric Application Encryption

Vormetric Application Encryption from Thales adds another layer of protection, enabling organizations to easily build encryption capabilities into internal applications at the field and column level.

Vormetric Key Management

Vormetric Key Management from Thales enables centralized management of encryption keys for other environments and devices including KMIP compatible hardware, Oracle and SQL Server TDE master keys and digital certificates.

Thales SafeNet Hardware Security Modules (HSMs)

SafeNet Hardware Security Modules (HSMs) provide reliable protection for transactions, identities, and applications by securing cryptographic keys and provisioning encryption, decryption, authentication, and digital signing services.

Family Brochure : SafeNet High Speed Encryption Solutions

SafeNet High Speed Encryption solutions from Thales provide customers with a single platform to encrypt network data in motion, whether on premises or in the cloud.


Research and Whitepapers : Layer 2 Encryption: A Shift in Network Security

Review this analysis of network threats, which lays the case for Layer 2 network security, and draws on third party reports and customer stories.


Research and Whitepapers : Securosis: Cracking the Confusion: Encryption and Tokenization for Data Centers, Servers and Applications by Securosis

This paper cuts through the confusion to help you pick the best encryption and tokenization options for your projects. The focus is on encrypting in the data center: applications, servers, databases, and storage. It also covers cloud computing (IaaS: Infrastructure as a Service).


Research and Whitepapers : A Security Survey of Strong Authentication Technologies

All authentication methods are based on providing the legitimate user with a method for proving his or her identity. Such “proof” can involve different form factors, such as something only the user knows (like a password) or something only the user has (like an external piece of hardware or the user’s biometric information). It could also be something that the user is, such as unique physical attributes, for example, a fingerprint or retinal scan.


Research and Whitepapers : Assessing the True Cost of Strong Authentication

Many organizations do not consider the Total Cost of Operation of their authentication solution. Instead, they decide based on the up-front purchase price. In fact, infrastructure investments and management overheads dominate the total cost of the solution, and lowering these overheads reduces Total Cost of Operation. Cloud-based services are increasingly becoming an integral part of the enterprise, precisely because they lower costs and management overhead while increasing flexibility.


Other key data protection and security regulations

NIST 800-53 / FedRAMP

Americas Map Thumbnail


Active now

Since June 5, 2014 federal agencies have been required to meet FedRAMP standards, ensuring they meet internal data security standards and extended security controls for cloud-computing.

Learn More


Americas Map Thumbnail


Active now

These regulations cover healthcare information in the US, HIPAA relates to protection; encryption, key management. etc and HITECH relates to disclosure of data breaches.

Learn More


Americas Map Thumbnail


Active now

United States Federal Law setting standards for a range of US companies, SOX Act sections 302 and 404 relate directly to data protection.

Learn More
コンプライアンスの専門家に相談する 問い合わせ
コンプライアンスおよび規制に関するソリューションハンドブックを読む eBookを読む
インタラクティブなデモを閲覧する デモ
ライブデモの申し込み デモの申し込み
スペシャリストへのコンタクト お問い合わせ