Using Cloud to Relieve the Compliance Burden

  • Javid Khan, Chief Cloud Officer at Pulsant

  • 17.10.2018 11:30 am
  • Cloud, Compliance

A recent survey of more than 360 enterprises revealed that 86% are dealing with the complexity of multiple types of data and/or data-related processes subject to privacy and security compliance requirements. Just 61% say that their organisations are compliant.[1]

This is a worry, but when you consider the variety of types of data that organisations create, process, store, etc., and the different compliance requirements associated with each type, it is not surprising. By their very nature, financial institutions hold several different categories of data and navigating all the compliance frameworks is extremely complex.

Financial data is also at greater risk of being stolen due to its value and consumers attach huge weight to it, often more than they do to other personal data. Add to this the fact that data is often held in silos; it could be stored on premise, in the cloud or in real time, and a compliance strategy becomes paramount.

The challenge for CIOs, CISOs and compliance teams is to maintain the required level of data security while allowing this data to be fluid within the organisation and reducing operational costs at the same time. But the stakes are high; if companies fail in their compliance requirements, customers will choose to go elsewhere, and penalties may follow. Additionally, the challenge is not just to achieve compliance as a one-off; it needs to be ongoing.

Continuous compliance is a strategy which enables financial organisations to deal with these challenges.

Compliance in the cloud

As new technologies emerge, businesses transform, and markets evolve, compliance efforts may become undone. Only a continuous approach can prevent this from happening. Cloud technology can help eliminate some of the burden that comes with this through the elimination of hardware limitations.

While there are indeed technical and security-related obstacles to consider, the advantages that cloud technology has to offer from a compliance perspective certainly outweigh anything else. Businesses have already realised its potential in reducing operational complexities, and these benefits can also be transferred to the world of continuous IT compliance.

Most significantly, using cloud technology to monitor and control IT compliance offers a tremendous amount of transparency: being able to audit, query, alert and resolve any cloud infrastructure changes through virtual means is an incredibly powerful tool to have. It can also deliver significant cost savings and streamline workflows through automating certain processes, simplifying reporting and cutting down on the number of compliance and reporting tools needed.

Looking more specifically at how this might help organisations achieve a continuous compliance approach, it largely comes down to unification. A cloud-based platform can enable a business to integrate all its relevant compliance-based data and information into a single view, thanks to the ability to consolidate its existing management tools and their respective data sources. When implemented and configured in the right way, this can provide operators with an intuitive compliance dashboard that combines data sources from across the organisation. It also enables automation and manual remediation to fix non-conformities and further prevent breaches.

The use of cloud technology also allows organisations to continually track their infrastructures and trigger instant alerts when necessary. Using pre-defined rules and the ability to add bespoke policies, a cloud-based platform can continuously pull information and check it against the controls it has in place to identify any instances of non-conformities, which makes it simpler for any issues to be audited and resolved.

Conclusion

Financial organisations should start the compliance journey by defining their security and compliance objectives and looking at how best to meet them, now and in the future. But this can be hard to do when there is a complex hybrid IT environment encompassing legacy infrastructure, cloud, SaaS and connected devices, to name a few.

Essentially, continuous compliance involves an organisation-wide strategy and focus in order to be developed effectively. The good news is that there are lots of sophisticated monitoring tools that can proactively assess your environment, as well as many automation tools which make the process of collecting and sharing data with industry bodies a lot simpler. Using third-party experts can assist even further.

Compliance is not a race that is run once. Financial institutions need to change their mindset to one of attaining continuous compliance. Only then can they capitalise on all the benefits that cloud and other new technologies have to offer.
