Compliance is no guarantee of security
by Richard Hibbert - CEO, SureCloud - Friday, 18 April 2014.
Neither off-the-shelf nor home-grown systems are capable of meeting what organisations need most – namely an easy to implement solution that supports existing processes (rather than re-engineering) which has in-built analytics to allow informed decision making based on corporate exposure to risk. With data breaches on the increase, it highlights that organisations in the 21st century need something better than spreadsheets to manage their security processes.

In my experience organisations find standards such as PCI much easier to comply with if stakeholders are able to collaborate in a centralised control-oriented process hosted in the Cloud. This has the immediate benefit of helping organisations automate their auditing process. It also gives them an easy way to devolve responsibility for completing questionnaires or sections of questionnaires to those most qualified to provide the answers and centralise evidence collection. This eliminates any need for lengthy spreadsheet-based programmes and frees up highly skilled compliance and risk personnel from time-consuming project administration.

The ability to bridge the intelligence gap between off-the-shelf and home-grown compliance systems is a real game changer. By giving organisations immediate visibility of the status and greater overall control over their compliance programmes it helps them meet their current compliance demands and makes responding to future changes so much easier. Having a control–centric process that embeds demonstrable working controls into the daily routine keeps it separate from the regulatory standard and makes continuous compliance part of everyday best practice.

In conclusion, I believe a continuous BAU approach to information security is essential. Furthermore a cloud-based software-as-a-service approach can make the transition of existing processes straightforward and extremely cost-effective. Improving the security of your organisation is a better way to safeguard against breaches than relying exclusively on ‘tick box’ compliance exercises. A continuous approach to compliance puts controls at the centre of the compliance programme, as opposed to relying on an annual audit, where control activity is performed and monitored throughout the calendar year. This approach provides real-time visibility of the organisation’s compliance status – the net effect being more merchants incorporating PCI DSS compliance into their BAU practices and importantly improving the organisation’s security posture.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th