Continuous compliance?

Regardless of the vertical or industry we work in, compliance is playing a major role in the decisions companies make concerning IT. Although most organizations are moving to a policy-driven model and attempting to gain visibility and situational awareness into risk and controls, few were required to provide transparency at this level before regulatory pressure arrived. However, this requirement for transparency has caused them to struggle with addressing compliance initiatives in a repeatable and continuous manner. Point-in-time snapshots and passing audits do not improve security or enable operational efficiencies unless the organization can implement a well-defined, repeatable process that supports multiple compliance initiatives through an implementation of IT and security best practices.

Compliance calls for the operational implementation of IT technical controls. To achieve real improvements in security while developing controls, processes and automation to pass compliance audits, organizations must implement an effective IT policy enforcement program that balances process with enabling technology. In addition to improving security and compliance, the choice of enabling automation technology can also reduce the cost and administrative burden of compliance.

What methods, processes, and technologies are you using to move away from point-in-time audits toward continuous compliance that is part of the overall IT and security initiatives, rather than in opposition to them?


One thought on “Continuous compliance?”

  1. Amrit, I think you are right on here. I wrote a similar piece a couple of weeks back about a customer we are working with on this subject. Unfortunately, I can’t give out their name but it is a large network. Besides our software, they are using mandated configuration management/patching software as well. It makes compliance a by-product.
