Keeping pace with compliance

  • Compliance with regulatory requirements and industry standards doesn’t necessarily mean your data is secure.

  • Compliance standards set only minimum requirements for securing private information.

  • To effectively protect your data, you must integrate your security and compliance processes.

What happens on Monday morning when your claims department can no longer access customer information after a weekend update to security protocols? Or you discover that your ecommerce website has been down for hours, and you track the problem back to recent infrastructure upgrades?

You might be meeting regulatory requirements and industry standards—for example, the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI) security standards, the Federal Information Security Management Act (FISMA), Federal Trade Commission mandates, and the Gramm-Leach-Bliley Act (GLBA). But if you’re only working to comply with these standards without fully integrating the software and platform updates into your business processes, the resulting disruptions could seriously affect your bottom line.

Compliance doesn’t equal security

With the frequency of security breaches today and never-ending changes to regulatory requirements and industry standards, it’s imperative to take an integrated approach to security and compliance. That sounds simple enough, but coordinating security and compliance while keeping your processes running smoothly could feel like piecing together a jigsaw puzzle.

Don’t be fooled into thinking that being compliant means you’re protected from cyber threats. Compliance standards set some of the minimum requirements for protecting information. And achieving compliance at one point in time isn’t enough. You need to maintain compliance with these regulations on an ongoing basis.

“It is important to realize that security and compliance are not seasonal things to be done for a yearly or quarterly assessment but rather a continuous process to ensure security of critical assets and data,” said Bindu Sundaresan, Strategic Security Solutions lead for AT&T. “The main goal of all these regulations is to increase your security posture, not just a piece of paper saying you are compliant.”

Here are three questions you can consider when evaluating whether you are effectively integrating your compliance activities with your security planning:

1. Are you effectively keeping pace with compliance? Unless you have a security breach or scare, it may be hard to tell whether you’re keeping up. Compliance is an ongoing process, and industry standards are constantly being updated. When it comes to compliance adherence and security best practices, it’s critical that you proactively stay on top of the latest updates.

2. Do you approach compliance on a project basis or is it an ongoing part of your daily operations? If you approach compliance on a project-only basis, you’re not providing a consistently secure environment—and your customers will find someone who is. On the other hand, making compliance part of your day-to-day operations gives you the foundation of a well-planned corporate security strategy and a secure infrastructure.

3. Do you think of compliance as something that adds to your administrative workload or as a way to improve your security capabilities? Security compliance may seem like a burden that adds extra time to your already-hectic administrative workload, but it can help strengthen your overall security program. The benefit is that the resulting security controls protect your infrastructure and your corporate and consumer data while still letting you operate your business effectively and efficiently.

Security and compliance are two sides of the same coin. You have to meet compliance requirements, and doing so can help you get started with the security controls needed to protect your infrastructure.

Make security part of your processes

Compliance isn’t optional, and neither is it a guarantee of protection. Unless you’re keeping pace with compliance and integrating it with security into your everyday business processes, you’re not doing enough. Failing to do so can lead to adverse consequences, like crashes of internal systems and data breaches that compromise the security, privacy, and protection of customer information and intellectual property.

The key takeaway is that security and compliance need to be dovetailed into your business processes, whether that means keeping your databases up to date or handling transactions. For a better secured and compliant environment, it’s essential that you develop clear security policies that are current, easily understood, fully implemented, and clearly communicated to all employees.

Find out more about how AT&T Security Consulting solutions can help your company satisfy industry regulations and safeguard your data.

Susan Essig, Freelance Writer