Compliance: The Why? What? and How?

Sean Walls, Director, Cyber Security Solutions
10/14/14 at 12:58 am

Compliance, what is it? The dictionary defines compliance as “the action of obeying, or complying, to a wish or command.” In IT, we think of compliance as adhering to the rules placed on us by the government or industry, to better secure our intellectual assets and customer data. When we think of compliance we think of PCI, HIPAA, GLBA, FISMA, and so on. But if regulatory compliance is meant to help us protect our data, then why are so many “compliant” companies being breached? The answer is simple: “Compliance does not equal security.”

Compliance does not equal security.

Too often when a company has to meet some regulatory compliance requirement, they simply go through the motions, meet the rule, and have a false sense of security, thinking that because they are compliant they are secure. However, true security is much, much more, and compliance is just a small piece of the puzzle. Security is a process, which includes a cycle of continuously identifying risks, remediating (with technical and/or administrative controls), testing, monitoring, and reporting. And proper compliance is woven into the fabric of this process.

When implemented properly, this security framework will help an organization maintain compliance, and additionally it will help minimize risk and protect the interests of the company as a whole. As the PCI Council has recently proposed in version 3.0 of the DSS, security and compliance should be part of the normal business process. If an organization expects to compete in the 21st century, it must make security and compliance a priority. The cost of one breach could be devastating to an organization, and may take years to recover from. We are going through a cyber revolution, and in order to compete, companies need to be able to conduct business in the cyber marketplace; however, without a well-managed security and compliance program, they are placing their organizations at risk.

For decades, Presidio has been helping companies worldwide implement sound security and compliance frameworks. We have the expertise to help your organization navigate the maze of security and compliance, to help your business compete safely in this brave new world. If you are interested in more than just meeting compliance, and want to truly protect your company and client data, Presidio can help. It is what our Cyber Security team does. We have specialists, not generalists, when it comes to security, which is what you need to solve both compliance and security challenges that are specific to your business.