Cyber-attacks thrust IT compliance to the top of the business agenda
Article by Stax founder and CPO James Coxon.
With companies accelerating their digital transformation efforts thanks to COVID-19, many may assume compliance would fall to the bottom of the to-do list. But cyber-attacks, such as the one reported by the Australian Government last month, only highlight the need for companies to ensure their compliance is watertight.
If an organisation is running on the cloud, its ecosystem has to be compliant with industry standards and frameworks. Here are some tips on how to ensure compliance processes are fit for purpose.
Start and start now
As the Chinese proverb goes, “The best time to plant a tree was 20 years ago. The second-best time is now”. The same goes for compliance.
However far along the compliance road the organisation is, there is no better time to focus on making sure the entire ecosystem is secure and compliant than now.
Sometimes compliance can feel a bit daunting, but there’s no need to boil the ocean. Get started by breaking the project up into digestible chunks of action and start with the low-hanging fruit.
Review and rejig
Start by reviewing the compliance processes already in place.
Even if there already exists a robust and sophisticated system, given the recent pandemic-related changes, everything needs to be examined through the microscope of the ‘new normal’ to determine whether it is still fit for purpose.
Dedicate time and people to confirming that the organisation is still safe. The chances are something will have changed, and that will require extending the current toolset and process, or augmenting what is already in place with more fit-for-purpose capabilities.
If the organisation was suddenly forced to operate in a cloud environment as a result of COVID-19, the appropriate tools might not be in place at all. In that case, it is more likely that help will need to be sought from an appropriate specialist.
Test and measure
Whether the organisation has a major ‘next-generation’, large-scale compliance project, or a small selection of tools, this step is critically important.
The only way to have confidence that the organisation is compliant is to test the system out. Testing is the only way to discover if the system is working and to uncover any errors. Depending on the results, IT teams can adapt the system accordingly.
Visibility is key
It goes without saying that large numbers of organisations are moving into the cloud to facilitate staff working from home thanks to COVID-19.
Using an automation platform gives organisations visibility and insight into the cost, risk, quality and compliance of their AWS deployments.
By making the cloud tangible and visible, and aligning management of AWS to business metrics, IT managers can take full advantage of the services and features available to them.
There are huge numbers of regulatory requirements for businesses and knowing where to start can be overwhelming. However, many regulations are not very prescriptive in terms of particular processes and measures organisations are required to follow.
More often, businesses are required to demonstrate they are able to trade outside a BAU state. With that in mind, ensuring the appropriate disaster recovery and business continuity processes are in place is key.
Compliance is daunting for many and it can be difficult to know where to start. Sadly, there is no quick and easy route to ensuring compliance.
Don’t waste time hunting for the silver bullet – it doesn’t exist. It’s about rolling up your sleeves and starting.