Content

Continuous compliance

Compliance should not be seen as a one-time event, but as an opportunity to run the operations in a more consistent and predictable manner, says Harish Rao, chairman & CEO, nSolutions.

Enterprises have to demonstrate operational and fiduciary responsibility in their regulatory environment. As such, compliance should not be seen as a one-time event, but as an opportunity to run the operations in a more consistent and predictable manner.

IT operations spend a considerable amount of time and budget in just managing change to the IT core and associated applications. Exacerbating the endless IT changes are government and industry requirements that come with financial penalties for non-compliance. Operationally, Sarbanes-Oxley (SOX) imposes a requirement to manage the security and configuration integrity of enterprise infrastructures and requires them to demonstrate compliance to auditors on an ongoing basis. The 12 requirements described within the Payment Card Industry (PCI) standard provide opportunity for enterprises to build a compliant environment in which sensitive data is secure.

The impact of these regulations is that IT operations pay more attention to configuration change management, rule books and collecting logging data in each of the domains of operations. It is more cost-effective for an enterprise to run its operations according to a set of corporate policies that makes it easier to respond to all regulatory requirements than to create a solution specific to each regulatory requirement.

From a business service delivery viewpoint, it's important to understand the dependencies between the configurations of today's infrastructure resources. However, the configuration repository must show the dependencies between the various resources supporting the business service.

Today's challenge is how to get information at this level – in a single unified view of the configurations, in real time – to provide a dynamic view of the configuration state. With traditional root cause and fault isolation tools, it is not possible.

Observing and managing change for continuous compliance presents an opportunity to minimize business risk through IT automation and control. In the process, it provides a business services perspective of the configuration state in real time, while providing a holistic solution for managing change across the domains of operations.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.