Article contributed by Mat Clothier, CEO at Cloudhouse.
Many industries are subject to a range of regulations and rules that they need to ensure compliance with, and the continual merry-go-round of changes and updates means that organisations within them can find themselves falling behind. As a result, IT teams and regulatory professionals can rush to bring in quick fixes to try and ensure compliance, but they run the risk of these failing to meet requirements and ultimately creating further issues.
The urgency of ensuring compliance is heightened by the fact that many businesses also need to complete audits on a regular basis to prove to regulators that data and services are private and secured by the best known means. While it’s also the case that cost reduction provides a strong basis for keeping pace with regulatory changes, the requirement to meet these rules means a solution simply needs to be implemented. This is even more crucial as stricter regulations come into force and the fines for non-compliance continue to rise.
Compliance considerations
Depending on the industry the organisation operates in, varying regulations may apply. The SOX Act, for example, was devised to protect both shareholders and the general public from fraudulent practices and accounting errors. In both a financial and an IT sense, all public companies in the US, and non-US companies with a presence in the country, must now comply with the regulation or face fines of up to $5 million.
Regulations can also apply to certain organisations regardless of industry. PCI DSS compliance is mandatory for any merchant accepting credit cards, with protection of payment card information vital to win the trust of customers. Across the banking sector, regulations such as Basel II provide recommendations on banking laws and regulations issued by the Basel Committee on Banking Supervision.
Organisations need to successfully navigate the regulatory landscape, or otherwise face the worst-case scenario of going out of business if solutions are not implemented successfully. The key to enabling compliance is carefully controlling change, which includes tracking any deviations through development, validation via engineering and then testing any new integration. The biggest issue with ensuring compliance, however, is the overhead required both to test systems and to ensure that the results are recorded in a meaningful way, but the correct technology integration can remove this challenge.
Keeping pace with change
The first stage in gaining control is the ability to monitor configuration across a range of devices in an IT suite. With the right technology in place from a specialist vendor, the current configuration can be ascertained, followed by visibility of how a device may have changed over time. This is vital data for understanding where a fix needs to be applied to ensure that regulatory standards are met.
Based on the organisation’s interpretation of the regulations and how they are best applied to its operations, the appropriate controls can then be integrated. This could, for example, be a particular setting that means only certain users have permission to access customer data, or a firewall that should only allow a certain type of information through. A monitoring tool can then be used to continually check for and identify any change that deviates from those controls, ensuring that any potential future issue is picked up before it becomes a problem.
IT professionals today are typically juggling the maintenance of numerous devices with a plethora of different solutions, leaving them with little time to work on other tasks. This could include server provisioning, a desktop or laptop system, network devices, storage and potentially even a different solution for each of their applications. By adopting a strategy where a heterogeneous monitoring tool is used, everything is monitored in one place and non-compliant devices won’t slip through the net, reducing the chance of configuration drift.
Enabling omnipresence
Previously, the successful monitoring of one device at a time was a more realistic expectation for IT professionals, allowing them to keep control of regulatory developments. With the proliferation of IoT devices in the modern world, it’s now a little more complex, particularly as regulations evolve and greater jurisdiction over the whole IT suite is needed. In addition, the number of devices looks only set to grow as technology develops.
Despite the demands of the modern IT environment, IT professionals simply can’t be in two places at once. However, with the right technology solution in place, organisations can achieve a level of omnipresence that was previously impossible, enabling oversight of the IT suite. With an effective monitoring tool in place, professionals in the industry are able to achieve effective control over internal technologies and their level of compliance, easing their workload and enabling disruption-free business processes.