Regardless of the vertical or industry we work in compliance is playing a major role in the decisions companies make concerning IT. Although most organizations are moving to a policy driven model and attempting to gain visibility and situational awareness into risk and controls, few have had the requirement to provide transparency, at this level, prior to regulatory pressure. However this requirement for transparency has caused them to struggle with addressing compliance initiatives in a repeatable and continuous manner. Point in time snapshots and passing audits does not improve security or enable operational efficiencies unless the organization can implement a well-defined repeatable process that supports multiple compliance initiatives through an implementation of IT and security best practices.
Compliance calls for the operational implementation of IT technical controls. To achieve real improvements in security while developing controls, processes and automation to pass compliance audits, organizations must implement an effective IT policy enforcement program that balances process with enabling technology. in addition to improving security and compliance, the choice of enabling automation technology can also reduce the cost and administrative burden of compliance.
What methods, processes, and technologies are you using to move away from point in time audits to enabling continuous compliance that is part of the overall IT and security initiatives, as opposed t in opposition to them?