Time to kill compliance fears


Resellers can show how to achieve value from compliance by focusing on the broader enterprise security goals, claims Dennis Szerzen.

In recent months company directors have been reminded that a failure to comply with new regulations can and will land them in prison.

The technology pages’ recent emphasis on regulatory compliance has coincided with some high-profile headlines detailing the escapades of cyber criminals around the world.

End customers seek peace of mind that organisations are genuinely committed to security because they want to be, not just because laws require them to be, and that the necessary infrastructure has been put in place to prevent information leakage.

At the end of May, Japan’s largest price comparison web portal was scrambling to deal with the fallout from a decision to keep its web site in operation for three days in the knowledge that it had been hacked and could be feeding Trojan horse programs to visitors. A proactive whitelisting approach to stopping malware could have prevented such a scenario from unfolding, which shows how an enterprise can prepare for more than just the bare minimum legal requirements under new legislation affecting it.

Whitelisting can be a critical component of the fusion between compliance and security. While compliance can force businesses to embrace security stances that they ought to have in place anyway, it can also pull the other way.

Marketing hype that exploits uncertainty over new regulations is counter-productive and simply unnecessary when one considers the capabilities of access control technology and its wider implications.

Unfortunately, compliance is absorbing an increasing percentage of the budget, often without proper evaluation. Resellers can show extra value here by suggesting technology that can bridge different requirements in a single implementation.

In the minds of security officers around the world, there is a tug-of-war between the compliance-led approach and the risk-led approach. The key to extracting value from compliance is perhaps not to address it directly, but to concentrate on the broader security goals of adopting best practice frameworks and effective risk management. Resellers can put forward close access control as a method of enabling security officers to kill two birds with one stone.

This approach ultimately means that compliance can be the happy side benefit, and not just represent the business gains.