Compliance: Time for Companies to Raise Their Game
‘Governance, risk and compliance’. Three words that are the stuff of nightmares for senior managers. Not because they have done anything wrong, but because the breadth and scope of this area continues to grow exponentially.
Higher Risks mean Increased Regulations… and Tougher Penalties
Their ability to get a good night’s sleep is not just affected by the ever-lengthening ‘to do’ lists associated with implementing GRC, but by the risks attached to their failing to do it properly.
According to a study carried out by International Association of Privacy Professionals (IAPP), The new General Data Protection Regulation (GDPR) coming into force in the next two years will need 28,000 new dedicated data protection officers in Europe alone. That’s a veritable army of new staff whose backgrounds will need to be thoroughly checked before being recruited, trained, sat somewhere, managed, fed and paid.
A fundamental part of these roles is to not just drive policies into the core of a business to avoid the repercussions, but also to report in detail should a breach occur. This reporting includes:
- The nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
- A description of the likely consequences of the data breach;
- A description of the measures taken or proposed to be taken by the data controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
And this is on top of the 70,000 new jobs that the then head of financial stability at the Bank of England, Andy Haldane, predicted in 2012 would need to be employed in Europe by financial institutions just to comply with the requirements of the Basel III regime for banks.
The penalties for non-compliance are enough to induce insomnia too. Organisations can be fined up to 4% of their global turnover. This no longer represents a mere slap of the wrist but an almighty whack where it really hurts; on the bottom line.
Tips for Successful Compliance
So what can companies do to improve their performance in this area? As sports news has increasingly moved from the back pages to the front pages, let’s use a sporting analogy to guide us. High performing teams, we are told, need three things to succeed. They need:
- The right skills
- The right structures
- The right attitude
If one of these three factors is missing, or weakened, then no amount of compensating the other two will suffice.
For those responsible for implementing GRC strategy, this translates as employing staff with an appropriate level of knowledge of cybersecurity skills; for those staff to have appropriate (i.e. fit for purpose) systems, processes and procedures and, critically, for them to engender a relevant internal cultural attitude towards all aspects of GRC.
A simple, balanced scorecard approach will quickly identify which of these three factors is the weakest at any one time and can then drive the actions needed to rectify it. Continuously measuring, then improving these will drive up performance and ensure that the organisation’s GRC strategy is achieving its goals (as well as helping the CEO to get through the night).
How We can Help
The WALLIX Bastion Privileged Access Management solution has a simple architecture designed for pervasive, sustainable deployment. It creates a single gateway with single sign-on for access by system admins, controlling who goes where and also providing an audit trail to trace every action taken on sensitive IT assets.
WALLIX Bastion’s agent-less architecture is lightweight, making the solution inexpensive and easy to deploy and adapt. The agent-less approach mitigates the risk that changes in protected systems will require extensive revamping of the PAM solution.
But don’t be deceived that simple means light on security. WALLX Bastion has a simple architecture, but a sophisticated and rich feature set that can scale with even the largest organizations. It gives you the tools to make PAM an enduring, scalable and consistent part of your security program.
Remember, the best PAM solution is the PAM solution everyone uses.
For more information about the WALLIX Bastion, request your free trial.