Annual compliance audits don't cut it
In today’s work-from-home era, security needs to function as a business enabler and be an integral component of every business’s daily processes. At the same time, keeping up with compliance standards plays a critical role in making sure any organisation is secure.
However, one great mistake that many businesses make is thinking that if they are compliant today, they will remain compliant forever. Regulations, infrastructure and standards change constantly and, more often than not, without end users being aware of the changes.
This means that compliance requires ongoing vigilance and review. Given the fast pace of technology adoption, with the likes of containers and cloud, one cannot wait for annual compliance audits, says Muggie van Staden, CEO at Obsidian Systems.
“Today, systems are rapidly deployed and destroyed, as they should be,” he adds. “The challenge is that in many cases those systems are not checked for compliance.”
A specific service will run for a few days and then be removed, but that service still needs to be compliant. “The only way to achieve this is for constant compliance testing, and even constant compliance automation.”
On the steps needed to implement continuous compliance, van Staden says it is critical for the business, across its compliance, risk and security functions, to define the key compliance metrics applicable to each environment.
“From there, it is possible to put the necessary systems in place to check against those metrics on a continuous basis. Business needs to also realise and enable IT, risk and compliance within the organisation to deploy the necessary technology to do this,” he explains.
Finally, van Staden says an annual report will just not cut it in today’s environment.
“The CIO has the responsibility, and should have the ability to, at any given time in a day, check a dashboard that shows how many systems are non-compliant within the organisation.”
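The three steps van Staden describes (define the key compliance metrics, check every live system against them continuously, and surface the count of non-compliant systems on a dashboard) as an added Python example; this is not code from the article, Obsidian Systems or Chef Software, and the control thresholds, fact names and host records are constructed for illustration:

```python
"""Continuous compliance checks over an ephemeral fleet.

Added example (not the article's, Obsidian's or Chef's tooling): a
minimal pattern for the steps the article describes. Controls are the
"key compliance metrics" defined up front; each is a named predicate over
a host's configuration facts. evaluate_fleet() runs every control against
every host and summarises the result the way a dashboard would, so it can
run on a schedule or in a deployment pipeline rather than once a year.
All host records, fact names and threshold values below are constructed.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List

Facts = Dict[str, object]


@dataclass(frozen=True)
class Control:
    control_id: str
    title: str
    check: Callable[[Facts], bool]  # True when the host satisfies the control


@dataclass
class HostResult:
    host: str
    failed: List[str] = field(default_factory=list)

    @property
    def compliant(self) -> bool:
        return not self.failed


def _fact(facts: Facts, key: str, default):
    """Missing facts fall back to a failing default, so a host that never
    reported a value is not silently marked compliant."""
    return facts.get(key, default)


# Step 1: define the compliance metrics applicable to this environment.
# Thresholds are assumed for illustration, not taken from any standard.
CONTROLS: List[Control] = [
    Control("ssh-1", "SSH root login disabled",
            lambda f: _fact(f, "ssh_permit_root_login", "yes") == "no"),
    Control("patch-1", "OS patched within 30 days",
            lambda f: int(_fact(f, "days_since_patch", 10**6)) <= 30),
    Control("disk-1", "Data volumes encrypted at rest",
            lambda f: bool(_fact(f, "disk_encrypted", False))),
    Control("log-1", "Audit logs shipped to central collector",
            lambda f: bool(_fact(f, "log_forwarding", False))),
]


# Step 2: check every live system against those metrics.
def evaluate_host(host: str, facts: Facts, controls=CONTROLS) -> HostResult:
    result = HostResult(host)
    for control in controls:
        try:
            passed = control.check(facts)
        except (TypeError, ValueError):
            passed = False  # malformed fact data counts as a failure, never a pass
        if not passed:
            result.failed.append(control.control_id)
    return result


# Step 3: produce the figures a dashboard would show.
def evaluate_fleet(inventory: Dict[str, Facts], controls=CONTROLS) -> Dict[str, object]:
    """Return the summary: totals plus the failed control ids per non-compliant host."""
    results = [evaluate_host(h, f, controls) for h, f in inventory.items()]
    non_compliant = {r.host: r.failed for r in results if not r.compliant}
    return {
        "total": len(results),
        "non_compliant_count": len(non_compliant),
        "non_compliant": non_compliant,
    }


# Constructed inventory: what short-lived hosts would report when they
# register, as opposed to the snapshot an annual audit would see.
SAMPLE_INVENTORY: Dict[str, Facts] = {
    "web-7f3a": {"ssh_permit_root_login": "no", "days_since_patch": 4,
                 "disk_encrypted": True, "log_forwarding": True},
    "batch-01c9": {"ssh_permit_root_login": "yes", "days_since_patch": 91,
                   "disk_encrypted": True, "log_forwarding": True},
    "cache-b2e4": {"ssh_permit_root_login": "no", "days_since_patch": "n/a",
                   "disk_encrypted": False},  # never reported log_forwarding
}

if __name__ == "__main__":
    summary = evaluate_fleet(SAMPLE_INVENTORY)
    print(f"{summary['non_compliant_count']} of {summary['total']} systems non-compliant")
    for host, failed in summary["non_compliant"].items():
        print(f"  {host}: {', '.join(failed)}")
```

Run on a schedule or as a pipeline gate, the summary is what the dashboard in the quote above would display; the design choice worth noting is that an unreported or malformed fact is treated as a failure, because a system that was deployed and destroyed before it ever reported is exactly the case the article says goes unchecked.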
Karl Fischer, automation lead at Obsidian, and Simon Fisher, director of EMEA presales and customer success, at Chef Software, will be presenting on ‘How to implement continuous compliance and audit processes in order to effectively mitigate risks in a fast paced digital era’, at ITWeb Governance, Risk & Compliance, to be held as a virtual event on 11 February.