
The compliancy conundrum

Being compliant is tricky; automation goes a long way towards simplifying it.


Johannesburg, 31 Jan 2018
Rene Bosman, Manager, Infoblox Africa.

Compliance is no easy task: regulations and mandates are always changing, and translating these requirements into concrete IT policies can prove challenging. However, the risk of non-compliance includes financial and legal costs, negative impact on your brand, security threats, reduced or total loss of availability and even disruption to your business.

Regardless of industry and sector, or even size of the business, all companies have to comply with an often confusing array of regulations and legislation. There are internal directives and policies; at the same time, businesses face sector-specific regulations (such as HIPAA) as well as external legislation, both local and international, such as POPI, Sarbanes-Oxley and GDPR, to name a few.

Rene Bosman, Manager at Infoblox Africa, says: "While there's a lot of regulation around how a company should deploy certain technologies or applications, there's not a lot of guidance as to what a compliant IT infrastructure should look like or what systems you need to have in place. For example, locally, POPI is starting to gain momentum and with GDPR coming into effect in March, POPI is expected to come into force anytime thereafter. We're seeing more and more companies that are struggling to translate compliance with these types of legislation into something concrete."

While compliance is a business directive, it falls to the IT division to ensure that networks and all of the devices on them are secure, and that any data that travels over the networks is protected. Add to this a constantly changing IT infrastructure, impacted by things like the cloud, big data, BYOD, people, IoT and mobile technologies, all resulting in silos within the business, no real visibility, data distributed and at risk, and applications that don't always work together, and it becomes clear how complicated compliance is to manage.

Compliancy initiatives are all too often manual and siloed, resulting in cumbersome processes that struggle to keep up with rapidly changing compliance requirements, can lead to errors and require valuable resources. In these instances, it's difficult to identify risk and violations easily. Also, what was compliant last week or last month may no longer be compliant today. "Businesses can address many of these challenges by implementing compliance processes that are automated, provide visibility and security and enable auditing and reporting," says Bosman.

* Automation

The ability to automatically assess changes on the network across a diverse infrastructure, assess compliance with the relevant requirements, and automatically remediate any violations found.

* Visibility

The ability to see across a diverse architecture and identify any new devices that connect to the network, regardless of whether they are on site or remote. A centralised database is created of all devices and applications on the network.

* Security

The ability to meet compliance requirements for regulated data, such as GDPR or POPI, by protecting distributed data wherever it is, as well as the ability to scan new or suspicious devices and defend the business against ever-evolving threats, such as DNS-based data exfiltration.

* Reporting and audit

The ability to view granular user activity and generate predefined and custom reports with historical data for easy auditing of compliance, as well as the ability to archive reports to meet data retention compliancy requirements.

Bosman explains: "We refer to this as actionable intelligence. It basically means that we control the network by automating network services; we provide network and business context; we also secure those networks; and we analyse them."

Bosman concludes: "Any public company needs to be audited annually. Billed per hour, it's easy to see why a manual audit is an expensive exercise. Having automated processes in place can significantly reduce these costs within a business. Over and above the compliancy discussion above, this benefit to the business's bottom line is significant."
