Security

Compliance automation to confound cyber criminals

How you can streamline the auditing process while improving compliance and security


Sponsored Post Eminent US businessman Norman Ralph Augustine - who served as United States Under Secretary of the Army, as well as chairman and CEO of the Lockheed Martin Corporation - pointed to the importance of audit and compliance when he famously commented: "Two-thirds of the Earth's surface is covered with water. The other third is covered with auditors from headquarters."

And for companies today, the need to maintain and enhance levels of audit and compliance against the backdrop of an ever-worsening cyber security threat landscape has become more pressing than ever before.

Security breaches can happen at any time given the complexity of modern IT systems, but the threat is ramping up at an unprecedented rate. The Center for Strategic and International Studies report, The Hidden Cost of Cybercrime, warns that cybercrime incidents are now estimated to be costing the world economy in excess of $1trn annually.

Security and compliance breaches can cause operational disruption, lost revenue, customer dissatisfaction, and lead to potentially catastrophic legal or regulatory actions, according to a new white paper published by compliance automation specialist Drata. At the same time, legacy manual compliance practices struggle to keep up as key staff spend ever more time checking systems and filling in spreadsheets.

And after these labour-intensive processes, compliance officers must then map this evidence against internal policies and external compliance frameworks. Even so, by the time Augustine's auditors descend these snapshots may not turn out to be good enough.

Drata's research concludes that the answer to this problem is to ditch these legacy and inefficient manual compliance processes and replace them with automated systems that continuously and automatically monitor security controls 24-7 across all on-premises systems, cloud service providers and SaaS vendors. These systems can also automatically address minor compliance issues while generating alerts for more pressing issues that require staff intervention.

Drata argues that compliance automation can transform the audit experience "from a burden to an opportunity". This fundamental productivity shift can be achieved as automation streamlines the auditing process, while simultaneously improving compliance and security. Drata found that companies monitoring compliance manually "dread" requests for audits as they are forced to scramble to collect evidence, reconcile spreadsheets, and resolve any resulting issues.

However, with continuous monitoring and evidence collection, all the necessary compliance information is already, automatically, in one place. And certifying compliance continuously rather than at a point in time gives customers significantly more confidence in a company's ability to maintain compliance.

In a world where the danger posed by criminal and malicious cybercrime is growing year-on-year the importance of audit and compliance has never been greater. And it is these concerns that are in turn driving momentum for the mainstream adoption of compliance automation technologies.

To learn more download Drata's white paper here.

Sponsored by Drata.

Send us news

Farewell .NET 7, support ends in May - we hardly knew you

Standard Term Support means only 18 months before retirement

Amazon fined in Europe for screwing shoppers with underhand dark patterns

E-commerce titan to appeal sanction amounting to three hours of annual profit

Do not touch that computer. Not even while wearing gloves. It is a biohazard

PLUS: Dodging rats the size of cats while repairing chewed-through cabling

Microsoft rolls out safety tools for Azure AI. Hint: More models

Defenses against prompt injection, hallucination arrive as Feds eye ML risks

Hillary Clinton: 2024 will be 'ground zero' for AI election manipulation

2016 meddling was 'primitive' compared to what's ahead

Cloud server host Vultr rips user data ownership clause from ToS after web outrage

We know the average customer doesn't have a law degree, CEO tells us

HPE bakes LLMs into Aruba as AI inches closer to network takeover

But don't worry, the models are here to help summarize technical docs and answer your questions ... for now

Pressuring allies not to fulfill chip kit service contracts with China now official US policy

Xi Jinping warns 'no force' can stop country's science and tech progress

JetBrains keeps mum on 26 'security problems' fixed after Rapid7 spat

Vendor takes hardline approach to patch disclosure to new levels

University of Washington's Workday woes leave research grants in limbo

$340M finance upgrade still working out the kinks

FTX crypto-crook Sam Bankman-Fried gets 25 years in prison

Could have been worse: Prosecutors wanted decades more

Nvidia's newborn ChatRTX bot patched for security bugs

Flaws enable privilege escalation and remote code execution