Lower Organizational Risk by Embracing a Culture of Compliance.

Benefits of fostering a culture of joint accountability.

Hybrid, multi-cloud, and edge environments are becoming the standard for organizations, but securing cloud environments is substantially more complex than securing on-premises environments. On top of these growing security concerns, most organizations must comply with at least 13 specific regulations.

These regulatory frameworks and associated policies are often tied to business-critical functions such as credit card payment processing, user data security, or support for vital employee endpoints. Failing to maintain compliance can put your organization at risk of a tarnished reputation, lost business, substantial fines, or even legal action.

Puppet, a maker of software that helps ensure consistency, compliance, and security at scale, recently hosted a fireside chat exploring one way your company can overcome the mounting challenges of compliance.

The event, “Foster a culture of joint accountability for security, IT, risk management, and compliance teams at your organization,” explains how your company can work toward ensuring compliance at scale. 

Exploring the three benefits of joint accountability can help you understand why your organization should tackle compliance through closer collaboration between teams.

When organizations create a culture of compliance, they reduce risk, improve efficiency, and create a scalable foundation for the future.

 

“Compliance activities and fines cost organizations nearly $4m per year.”

Source: Compliance activities and fines cost organizations nearly $4m per year, Security Magazine, October 15, 2020

 

Reduce risk with streamlined compliance processes. 

Creating a culture of compliance begins with establishing joint accountability for policy creation and enforcement and leveraging the expertise of several fields. 

Traditionally, the four skill sets critical to ensuring compliance (security, IT, corporate compliance, and risk management) sit on separate teams that interact only during audits and event-specific remediations.

Together, these leaders have valuable experience to help your organization create and enforce policies more effectively and reduce risk exposure.

 

To reduce risk, pull critical skills and knowledge from these four teams:

  • Risk Management studies an organization’s operational and tactical exposure across various factors, including vendors, legal actions, and business continuity.
  • Information Security refers to the tools and processes used to protect devices, applications, systems, and infrastructure from unauthorized access, disruption, modification, or destruction. 
  • IT Operations has end-to-end responsibility for the infrastructure and systems that support business processes.
  • Corporate Compliance designs, implements, and monitors policies to ensure the organization follows applicable laws and regulations. 

 

With their combined knowledge and experience, these four groups can define and push toward policy compliance or the desired state. 

Risk Management and Corporate Compliance have up-to-date, organization-wide knowledge of the regulations, frameworks, and existing policies needed to define the desired state. IT Operations and Information Security can influence policy too, but they also have the expertise to push systems to that desired state.

With these teams working together toward one goal, the funds and resources allotted for each individual team’s efforts can now be redirected to other projects. 

 

Increase organizational efficiencies. 

Streamlined compliance means increased productivity for individual teams, as well as greater efficiencies for the organization at large. 

Most organizations take a reactive stance toward compliance, which leaves IT stuck in a cycle of stress-inducing audits driven by manual tasks.

Usually, the cycle starts with a manual handoff of audit failures for the team to address. The team then works through manual policy implementation and remediation. This slow, manual work eventually leads to configuration drift; at best, the cycle simply repeats. At worst, the drift leads to noncompliance with serious consequences.

Audits aren’t just laborious; they can be emotionally taxing and adversarial. But when the teams responsible for IT operations, security, and corporate compliance share accountability, the relationship shifts from potentially adversarial to collaborative.

The framing changes from “What have you done to leave us vulnerable?” to “This is what we are doing together to prevent vulnerabilities.”

Combining forces brings greater protection and efficiency, which leads to budget savings. 

 

Innovate with a scalable foundation for the future.

As companies continue to accelerate digital initiatives, business innovation needs and infrastructure requirements become more complex, and more complexity means more exposure.

 

“One-third of companies report poor governance and compliance practices around cloud security are a problem.”
Source: Bissell K, Fox J, LaSalle RM, Dal Cin P, State of Cybersecurity Resilience 2021, Accenture, 2021.

 

If organizations want to keep pace with competitors’ rates of innovation or set the pace themselves, they must find a way to ensure compliance at scale. 

Leveraging this established relationship between IT, compliance, and risk professionals allows organizations to automate compliance, based on agreed-upon, readable policies implemented as code.

Policy as code turns compliance into a continuous, never-ending loop of assessment, enforcement, and remediation, which is what makes compliance at scale possible.
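To make the assessment, enforcement, and remediation loop concrete, here is an added Python sketch; it is not Puppet’s code and not from the fireside chat. It encodes a small desired state for an sshd_config-style file as a policy dictionary, assesses a constructed drifted sample against it, rewrites only the drifted settings, and re-assesses to confirm the drift is gone. The policy values, the sample file, and the function names are illustrative assumptions; a real tool would read and write the host’s actual file and report findings to the compliance team.

```python
import re

# Desired state agreed between compliance/risk and IT/security teams
# (constructed example policy, not a recommendation for any particular host).
POLICY = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "MaxAuthTries": "3",
}

# Constructed sample of a drifted config: one wrong value, one missing
# keyword, one wrong number, plus unrelated lines that must be preserved.
SAMPLE_CONFIG = (
    "# sshd_config (constructed sample, not a real host)\n"
    "Port 22\n"
    "PermitRootLogin yes\n"
    "MaxAuthTries 6\n"
    "X11Forwarding no\n"
)

# "Keyword value" lines; comments and blank lines do not match.
_SETTING = re.compile(r"^\s*(\w+)\s+(\S.*?)\s*$")


def parse_settings(text):
    """Map each keyword to its effective value. sshd honours the first
    occurrence of a keyword, so later duplicates are ignored here too."""
    settings = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = _SETTING.match(line)
        if m and m.group(1) not in settings:
            settings[m.group(1)] = m.group(2)
    return settings


def assess(text, policy):
    """Assessment step: {keyword: (actual, expected)} for every policy item
    that is missing (actual is None) or set to a non-compliant value."""
    actual = parse_settings(text)
    return {k: (actual.get(k), v) for k, v in policy.items() if actual.get(k) != v}


def remediate(text, policy):
    """Enforcement/remediation step: rewrite drifted keywords in place,
    comment out later duplicates so they cannot override the first
    occurrence, append missing keywords, leave everything else untouched.
    Running it on already-compliant text returns the text unchanged."""
    seen = set()
    out = []
    for line in text.splitlines():
        m = _SETTING.match(line)
        key = m.group(1) if m and not line.lstrip().startswith("#") else None
        if key in policy:
            if key in seen:
                out.append("# " + line + "  # disabled by policy")
                continue
            seen.add(key)
            if m.group(2) != policy[key]:
                out.append(f"{key} {policy[key]}")
                continue
        out.append(line)
    for key, value in policy.items():
        if key not in seen:
            out.append(f"{key} {value}")
    return "\n".join(out) + "\n"


def compliance_loop(text, policy):
    """One pass of assess -> remediate -> re-assess. Returns the findings
    before, the corrected text, and the findings after (expected: empty)."""
    before = assess(text, policy)
    fixed = remediate(text, policy) if before else text
    after = assess(fixed, policy)
    return before, fixed, after


if __name__ == "__main__":
    before, fixed, after = compliance_loop(SAMPLE_CONFIG, POLICY)
    for key, (actual, expected) in before.items():
        print(f"drift: {key} is {actual!r}, policy requires {expected!r}")
    print("remaining findings after remediation:", after)
    print(fixed)
```

The two properties worth checking in any policy-as-code tool are visible here: the assessment output is the audit evidence (what drifted, from what, to what), and remediation is idempotent, so the same run can be scheduled continuously without churning compliant hosts.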

Companies that introduce automatic compliance checks early in the DevOps process are proving to boost innovation: Gartner found that doing so (also known as “shifting left”) can improve time to market by 20%.

 

“Shift left” to improve time to market by 20%.
Source: Betts D, et al. Innovation Insight for Continuous Compliance Automation, Gartner, August 11, 2020.

 

How to foster joint accountability

Companies that achieve always-on, continuous compliance reduce their exposure to external attacks, improve team collaboration, and spend less time on remediation.

So, how can you get started creating this culture of compliance? 

During Puppet’s fireside chat, Senior Product Manager Alex Hin shares eight specific steps a company can take to foster a culture of joint accountability for compliance.

Watch the fireside chat on demand to learn the eight steps companies can take to foster joint accountability that lowers risk, increases efficiencies, and helps create a foundation for secure innovation.
