A single view to minimise risk

Since information plays such an integral part across all areas of the business, GRC can no longer run in a siloed fashion.

By Ilva Pieterse, ITWeb contributor
Johannesburg, 16 Nov 2010

Different departments and the regulations that affect them are still too often being run in silos, according to Dave Funnell, sales manager of RSA, the security division of EMC. “This leads to duplication of effort, poor decision-making, and a real risk of failed audits and penalties for non-compliance,” he says.

Funnell believes many organisations are still trying to manage GRC in a reactive and fragmented way, using manual tools and processes that aren't really designed for the job, making it time-consuming, inefficient and expensive.

“Companies viewed PCI compliancy as an onerous task,” he says. “But this is only a symptom of a siloed approach.”

He says it is necessary to try to achieve a single view of corporate GRC, which consolidates policies across departments.

Trevor Ndobeloa, MD of Quarphix, agrees that a single view will provide tremendous benefits, but says it is impossible to achieve through technology alone. “Who ensures that the technology runs properly?” he asks.

A combination of people, processes and technology can help ensure that GRC is less of a challenge and more of a benefit for organisations.

According to Hedley Hurwitz, MD of Magix Integration, GRC needs to be better understood. “It needs to be defined at a corporate level and related to business goals,” he says. Without having a clear understanding of GRC, companies stand to incur greater risks as data continues to grow.

Security issues

“It is important to understand that compliance does not equal security,” says Samresh Ramjith, CTO of Dimension Data Security Solutions. “Doing only what needs to be done to be considered compliant may not offer the level of security needed.”

According to Hurwitz, the risk of corporate fraud is increasing tenfold. “Unstructured data is not being watched. Instant messaging channels are difficult to control. A mobile workforce creates a plethora of security risks,” he says.

“Currently, the biggest risk facing organisations when it comes to corporate data is that of security, with possible consequences of non-compliance, including reputational damage and espionage,” explains Jayen Vyravene, MD of Quency. “The biggest challenge in this regard remains changing the culture and mindset at all levels of the organisation when it comes to information security. While the board's mindset may have already changed, the safety of corporate data will continue to be a threat until this mindset filters through to every individual at the organisation.”

Security and governance, By MTN Business

* Today, data centres are the lifeline of many organisations, and safeguard confidential business data required for business continuity.
* The subjects of cloud computing and virtualisation really hit the headlines in 2009, and market trends and growth of these platforms in 2010 certainly indicate that they are not merely hype, but rather trends impacting the centralisation of ICT infrastructure and systems.
* In fact, 58% of 200 corporate IT decision-makers and managers were already using cloud computing services and 63% virtualisation in 2009*.
* Despite this growth, IT departments still have concerns about such concepts - especially around security and governance.
* The reality, however, is that 2010 has been the year of recovery for many organisations, post the economic recession, where businesses are continuing to look for value-added services that will not only meet their business needs, save costs and be easy to implement, but also provide security and service flexibility and result in minimum downtime and high availability.
* These same organisations are seeking value-added solutions and offerings that put the control of technology decisions into the hands of the business user and decision-maker, as well as provide instant expansion or contraction flexibility, allowing organisations to focus on their core business - an element that is key to remaining competitive in a tough market. This is exactly what cloud computing and virtualisation services provide.
* The key is to ensure that when implementing such services, organisations partner with a trusted ISP.
* Expansion and upgrade investments must be a key priority now and the benefits will follow - for customers and service providers alike. 2010 was just the beginning...
*Corporate Data Use, World Wide Worx and MTN Business, 2009
