Keeping up with Compliance — Why a Continuous Approach is Required

The implementation of GDPR has brought food for thought to many organisations, so what action is required to be compliant?

By April Slattery

The world of business is never short of buzzwords and hot topics, but at this particular point in time the vast majority of debate seems to be focused on compliance. While this has been an omnipresent concern for businesses operating within the public sector, the introduction of the General Data Protection Regulation (GDPR) in particular has forced organisations of all kinds to sit up and think about whether they are compliant or not.

It is encouraging to see so many businesses tackling the compliance issue head-on and giving it the attention it deserves. But when it comes to achieving compliance of any type, be it GDPR or otherwise, organisations are often too focused on simply ‘becoming compliant’. Of course, this is an important milestone to reach, but there needs to be a longer-term view; one that ensures all organisations are maintaining their compliance on a continuous basis and that all boxes remain ticked.

Simply put, continuous compliance is essential because the landscape is constantly changing. If a business achieves compliance and then simply considers the job done, it won’t be very long before some kind of change means that all their efforts have come undone.

Addressing the Challenges

This is par for the course in such a fast-paced world. Technologies emerge and develop at a rapid pace, businesses are constantly transforming and the markets they operate in are always evolving, which means that only a continuous approach can prevent this from happening.

There are additional challenges around continuous compliance, most notably the size of various risk management and compliance frameworks that organisations must adhere to. The NIST Cybersecurity Framework, for example, has close to 400 specific requirements that need to be met. When you then consider the fact that most businesses have to work in accordance with multiple frameworks, you start to understand the true complexity of the issue.

A lack of internal knowledge and understanding can also hamper continuous compliance efforts. IT teams may not have the right skillset to translate compliance and controls in the physical world to the virtual world. In addition, while teams might be good at manually carrying out continuous compliance, they don’t necessarily have a broad industry view; an understanding of what other similar organisations see as challenges and how they are overcoming them.

This begs the question: How can businesses overcome these challenges in order to successfully achieve continuous compliance in today’s business and ever-evolving technology landscape?

The answer depends upon individual business needs, but cloud technology can alleviate some of the burden through the elimination of hardware limitations.

Compliance in the Cloud

The use of cloud technology needs to factor into continuous compliance. Almost all technology business decisions nowadays have a cloud component of some sort, whether it’s business intelligence, analytics or the Internet of Things (IoT), and this can translate into an additional challenge.

However, while there are indeed technical and security-related obstacles to consider, the advantages that cloud technology has to offer from a compliance perspective certainly outweigh anything else. Businesses have already realised its potential in reducing operational complexities, and these benefits can also be transferred to the world of continuous IT compliance.

Most significantly, using cloud technology to monitor and control IT compliance offers a tremendous amount of transparency: being able to audit, query, alert and resolve any cloud infrastructure changes through virtual means is an incredibly powerful tool to have at your disposal. This helps significantly in the acceptance and continued adoption of the technology, and in the organisational approach to continuous compliance. It can also deliver significant cost savings and streamline workflows through automating certain processes, simplifying reporting and cutting down on the number of compliance and reporting tools needed.

Looking more specifically at how this might help organisations achieve a continuous compliance approach, it largely comes down to unification. A cloud-based platform can enable businesses to integrate all their relevant compliance-based data and information into a single view, thanks to the ability to consolidate their existing management tools and their respective data sources. This enables the standardisation and normalisation of the data before querying against a policy engine that incorporates a subset of rules that aligns to multiple regulatory frameworks. When implemented and configured in the right way, this can provide operators with an intuitive compliance dashboard that combines data sources from across the organisation, which allows them to see what they’re doing right and where they’re going wrong at a glance and in near real-time. It also enables automated and manual remediation to fix non-conformities and further prevent breaches.

The use of cloud technology in this way can also allow organisations to continually track their infrastructures and instantaneously trigger alerts when necessary. Using our pre-defined rules and the ability to add bespoke policies, a cloud-based platform can continuously pull information and check it against the controls it has in place to identify any instances of non-conformities, which makes it simpler for any issues to be audited and resolved.
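
The approach described in the two paragraphs above, sketched as an added Python example (not code from the article or from any vendor platform): two constructed tool exports are normalised into one schema, checked against rules tagged with several frameworks, and compared with the previous run to surface new non-conformities. The resource names, field names and control mappings are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample exports from two hypothetical management tools.
CLOUD_INVENTORY = [
    {"ResourceId": "bucket-hr", "Type": "bucket", "Encrypted": "true", "PublicRead": "false"},
    {"ResourceId": "bucket-logs", "Type": "bucket", "Encrypted": "false", "PublicRead": "false"},
]
CMDB_EXPORT = [
    {"ci_name": "db-payroll", "class": "database", "enc_at_rest": 1, "internet_facing": 0},
]

def normalise(cloud_rows, cmdb_rows):
    """Map both source schemas onto one record shape keyed by resource id."""
    out = {}
    for r in cloud_rows:
        out[r["ResourceId"]] = {"kind": r["Type"], "encrypted": r["Encrypted"] == "true",
                                "public": r["PublicRead"] == "true"}
    for r in cmdb_rows:
        out[r["ci_name"]] = {"kind": r["class"], "encrypted": bool(r["enc_at_rest"]),
                             "public": bool(r["internet_facing"])}
    return out

# Each rule is written once and tagged with every framework it supports.
# The control mappings are illustrative assumptions, not an official crosswalk.
RULES = [
    ("encrypt-at-rest", lambda a: a["encrypted"], ["NIST CSF PR.DS-1", "GDPR Art. 32"]),
    ("no-public-access", lambda a: not a["public"], ["NIST CSF PR.AC-4", "GDPR Art. 32"]),
]

def evaluate(assets):
    """Return the set of (resource_id, rule_id) pairs that fail a rule."""
    return {(rid, rule_id) for rid, a in assets.items()
            for rule_id, check, _ in RULES if not check(a)}

def by_framework(findings):
    """Roll findings up per framework control for a dashboard-style view."""
    controls = {rule_id: tags for rule_id, _, tags in RULES}
    view = defaultdict(list)
    for rid, rule_id in sorted(findings):
        for tag in controls[rule_id]:
            view[tag].append(rid)
    return dict(view)

def drift(previous, current):
    """Findings that appeared since the last run: what a continuous check alerts on."""
    return sorted(current - previous)

if __name__ == "__main__":
    baseline = evaluate(normalise(CLOUD_INVENTORY, CMDB_EXPORT))
    print(by_framework(baseline))
```

Running `evaluate` on a schedule and passing the previous and current result sets to `drift` separates long-standing findings from the changes that undid an earlier compliant state.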

Conclusion

The concept of continuous compliance might seem overwhelming to many businesses — just the idea of achieving compliance in the first place can seem like a complex journey, let alone maintaining that status. But the process can be made much simpler through the implementation of technology, and cloud technology in particular, which brings all relevant information together into a single platform. This allows organisations to identify and deal with any non-compliance issues with an unprecedented level of agility and effectiveness.
