
Cyber-attacks thrust IT compliance to the top of the business agenda

10 Aug 2020

Article by Stax founder and CPO James Coxon.

With companies accelerating their digital transformation efforts thanks to COVID-19, many may assume compliance would fall to the bottom of the to-do list. But cyber-attacks, such as the one reported by the Australian Government last month, only highlight the need for companies to ensure their compliance is watertight.

If an organisation is running on the cloud, its ecosystem has to be compliant with industry standards and frameworks. Here are some tips on how to ensure compliance processes are fit for purpose.

Start and start now

As the Chinese proverb goes, “The best time to plant a tree was 20 years ago. The second-best time is now”. The same goes for compliance. 

However far along the compliance road the organisation is, there is no better time to focus on making sure the entire ecosystem is secure and compliant than now.

Sometimes compliance can feel a bit daunting, but there’s no need to boil the ocean. Get started by breaking the project up into digestible chunks of action and start with the low-hanging fruit. 

Review and rejig

Start by reviewing the compliance processes already in place. 

Even if there already exists a robust and sophisticated system, given the recent pandemic-related changes, everything needs to be examined through the microscope of the ‘new normal’ to determine whether it is still fit for purpose. 

Dedicate time and people to verifying that the organisation is still safe. Chances are, something will have changed, and that will require extending the current toolset and process, or augmenting what is already in place with more fit-for-purpose capabilities.

If the organisation was suddenly forced to operate in a cloud environment as a result of COVID-19, the appropriate tools might not be in place at all. In that case, it is more likely that help will need to be sought from an appropriate specialist.

Test and measure

Whether the organisation has a major ‘next-generation’, large-scale compliance project, or a small selection of tools, this step is critically important. 

The only way to have confidence that the organisation is compliant is to test the system out. Testing is the only way to discover if the system is working and to uncover any errors. Depending on the results, IT teams can adapt the system accordingly. 

Visibility is key

It goes without saying that large numbers of organisations are moving into the cloud to facilitate staff working from home thanks to COVID-19. 

Using an automation platform gives organisations visibility and insight into the cost, risk, quality and compliance of their AWS deployments. 

By making the cloud tangible and visible, and aligning management of AWS to business metrics, IT managers can take full advantage of the services and features available to them.

Regulatory requirements

There are huge numbers of regulatory requirements for businesses and knowing where to start can be overwhelming. However, many regulations are not very prescriptive in terms of particular processes and measures organisations are required to follow. 

More often, businesses are required to demonstrate they are able to trade outside a business-as-usual (BAU) state. With that in mind, ensuring the appropriate disaster recovery and business continuity processes are in place is key.

Compliance is daunting for many and it can be difficult to know where to start. Sadly, there is no quick and easy route to ensuring compliance. 

Don’t waste time hunting for the silver bullet – it doesn’t exist. It’s about rolling up your sleeves and starting. 
