Compliance Versus Security? More Like Compliance AND Security
While the match — that of compliance and security — may not be as straightforward as say, marketing and sales, it’s a mutually beneficial relationship that should be considered a critical partnership for businesses this year, experts from American Cyber Security Management and ETHIX360 tell us.
Not only can the two functions work together to build a strong business case for higher budgets and to influence decision-making, but they are complementary in a number of ways, albeit as different organizational functions with individual responsibilities.
Having the functions work in tandem with one another — for example, having compliance ensure that security is following the regulatory protocols meant to guard against malicious attacks — is becoming indispensable for businesses to grow and keep customers’ trust. Thus, the debate of compliance versus security gives way to the compelling benefits the two can provide together.
As business risks increase in complexity and scope, coupling compliance and security is becoming a proactive strategy worth exploring.
Just last week, The New York Times reported that computer security experts out of San Francisco found “two major security flaws in the microprocessors inside nearly all of the world’s computers.”
Screen grab from The New York Times
“The two problems, called Meltdown and Spectre, could allow hackers to steal the entire memory of contents of computers, including mobile devices, personal computers and servers running in so-called cloud computer networks,” reports Cade Metz and Nicole Perlroth.
It’s clear from flaws like this and many others that the global risk landscape is becoming intensely connected. For companies big and small, young and old, across industries, the role of security in the overall strategy should be a core component.
Statistics from the World Economic Forum’s 2017 Global Risks Report confirm the increasing likelihood of technological risks such as a breakdown of critical information infrastructures, cyber attacks, and massive incidents of data fraud/theft. Over the last decade, these kinds of risks have been ranked among the Report’s top five global risks year over year.
Security has become much more than just having a complex computer password.
As businesses embrace emerging technologies, they face a new level of complex problems and risks to mitigate and to get ahead of before any unintended technological consequences occur.
All security experts know it’s not a question of if but when a system will be compromised.
As such, there is an acute need for an effective compliance framework that aligns with your security posture. Protection of a business’s stored data, from Personally Identifiable Information (PII) and credit card information to trade-related information and other highly sensitive information, should be treated as a never-ending responsibility.
Without ongoing and reliable data protection, data can land in the wrong hands and lead to catastrophes that executives at businesses like Equifax and Target are all too familiar with.
Compliance and security need to work together in today’s business world.
Even though most tech-based companies patch roughly every few weeks, says Janelle Hsia, Director of Privacy and Compliance at American Cyber Security Management, there are still too many vulnerabilities in applications, and it simply takes too long to fix them — on average a fix takes the better part of a year, while some vulnerabilities never get fixed.
While there are unique vulnerabilities from business-to-business, understanding what is vital to your organization is a necessity, says Hsia. With that understanding, company processes can be analyzed to determine a risk tolerance.
Yet, without a documented and practiced compliance program, the business and key stakeholders are unable to become aware of the many complex vulnerabilities out there.
For companies like ETHIX360, a hotline and case management tech startup, Chief Compliance Officer Stephanie Jenkins is actively seeking security strategies when it comes to protecting their customers’ data.
“We have a duty to protect their data with our technology as well as our people,” says Jenkins.
This security mindset within the compliance function, and the corresponding compliance mindset for those in security, illustrates an often overlooked business obligation: relentless data protection.
Having compliance and security working together creates an entirely new and alluring competitive advantage.
Success and growth today in part means taking cues from companies like Patagonia and TOMS — both wildly profitable businesses that promote their deep investment in “doing well by doing good” and market these efforts as their core competitive differentiator.
And this model works time and again. In May 2016, Patagonia reported annual sales of $800 million, twice the reported sales in 2010. TOMS annual sales average $500 million.
Not only do consumers want to get behind an ethical mission they, too, believe in, but investors and other key stakeholders see these for-profit social ventures as a ripe opportunity.
The same is true for secure and compliant companies, especially as vulnerabilities rise and expansion means competing in the global market. Consumers and businesses will have a hyperfocus on how their data is secured.
Investors, boards, vendors, and other key stakeholders are erring on the side of caution and conducting extensive due diligence before ink is brought to paper.
Those that manage the relationship between compliance and security in a balanced and fair way, or are planning to, will have the upper hand more often than not in today’s increasingly digital business landscape.
To learn more about the changing landscape of compliance and security, join industry experts Janelle Hsia and Stephanie Jenkins tomorrow, January 9 from 11-12 p.m. MT for a live webinar session: Compliance Metrics That Matter.