
Making Compliance Part of the "IT DNA"

By Tom Schmidt

For today's enterprises, meeting the requirements of a variety of technical standards, IT governance frameworks, and laws related to security and administration has become a significant challenge. And as numerous industry experts have observed, the pressure to demonstrate compliance with such mandates will likely increase in 2007.

Today's compliance market is similar to the security market of the mid-1990s. Security used to be an afterthought. Companies built their networks and their IT infrastructure without very much thought of security. Once threats and vulnerabilities began to rise in the late '90s, the need for security was better understood. So security got bolted on, and today security is very much engrained in the IT fabric. Compliance is evolving the same way. In most cases, IT infrastructure, processes, and operations weren't built with compliance in mind. But with an increasing regulatory environment, companies have had to adapt very quickly. So today compliance is bolted on, but in the near future policy compliance will become part of the IT DNA.

A "top of mind" issue
Compliance is now a "top of mind" issue for enterprise customers, who are eager to reduce the cost and complexity associated with regulatory compliance through automation.

Software can be used to automate repetitive manual processes. More software equals fewer people, which in turn equals lower costs.

That equation appears to be underscored by the latest (2006) Ernst & Young Global Information Security Survey, which found:

  • The impact of compliance continues to grow.
  • Compliance is promoting teaming between information and other functional business groups.
  • Compliance is improving information security.

The IT Policy Compliance Group's benchmark report (February 2006) examined differences between leaders and so-called "laggards" in achieving compliance. According to the report, the three major drivers of performance results in achieving IT compliance are:

  • Frequency of internal audit and IT security monitoring: Leaders audit for compliance on a continuous basis, at least once a month.
  • Time allocated by IT to compliance: Leaders are spending 50% more time on compliance than laggards.
  • Spending on IT security: Leaders spend 10% of the IT budget on IT security, while laggards spend less than 7% on IT security.

Conclusion
With high-profile data breaches and regulatory pressures showing no signs of diminishing, enterprises have a vital role to play in educating employees about the importance of good IT compliance and governance. For these organizations, policy compliance can truly become part of the IT DNA.

Tom Schmidt writes frequently about information security topics. He has more than 15 years' experience as a writer and editor in high-tech publishing.
