
Cyber-attacks thrust IT compliance to the top of the business agenda

10 Aug 2020

Article by Stax founder and CPO James Coxon.

With companies accelerating their digital transformation efforts thanks to COVID-19, many may assume compliance would fall to the bottom of the to-do list. But cyber-attacks, such as the one reported by the Australian Government last month, only highlight the need for companies to ensure their compliance is watertight.

If an organisation is running on the cloud, its ecosystem has to be compliant with industry standards and frameworks. Here are some tips on how to ensure compliance processes are fit for purpose.

Start and start now

As the Chinese proverb goes, “The best time to plant a tree was 20 years ago. The second-best time is now”. The same goes for compliance. 

However far along the compliance road the organisation is, there is no better time to focus on making sure the entire ecosystem is secure and compliant than now.

Sometimes compliance can feel a bit daunting, but there’s no need to boil the ocean. Get started by breaking the project up into digestible chunks of action and start with the low-hanging fruit. 

Review and rejig

Start by reviewing the compliance processes already in place. 

Even if there already exists a robust and sophisticated system, given the recent pandemic-related changes, everything needs to be examined through the microscope of the ‘new normal’ to determine whether it is still fit for purpose. 

Dedicate time and people to verifying that the organisation is still safe. The chances are that something will have changed, and that will require extending the current toolset and process, or augmenting what is already in place with more fit-for-purpose capabilities.

If the organisation was forced suddenly to operate in a cloud environment as a result of COVID-19, the appropriate tools might not be in place at all. In that case, it is more likely that help will need to be sought from an appropriate specialist.

Test and measure

Whether the organisation has a major ‘next-generation’, large-scale compliance project, or a small selection of tools, this step is critically important. 

The only way to have confidence that the organisation is compliant is to test the system out. Testing is the only way to discover if the system is working and to uncover any errors. Depending on the results, IT teams can adapt the system accordingly. 

Visibility is key

It goes without saying that large numbers of organisations are moving into the cloud to facilitate staff working from home thanks to COVID-19. 

Using an automation platform gives organisations visibility and insight into the cost, risk, quality and compliance of their AWS deployments. 

By making the cloud tangible and visible, and aligning management of AWS to business metrics, IT managers can take full advantage of the services and features available to them.

Regulatory requirements

There are huge numbers of regulatory requirements for businesses and knowing where to start can be overwhelming. However, many regulations are not very prescriptive in terms of particular processes and measures organisations are required to follow. 

More often, businesses are required to demonstrate they are able to trade outside a business-as-usual (BAU) state. With that in mind, ensuring the appropriate disaster recovery and business continuity processes are in place is key.

Compliance is daunting for many and it can be difficult to know where to start. Sadly, there is no quick and easy route to ensuring compliance. 

Don’t waste time hunting for the silver bullet – it doesn’t exist. It’s about rolling up your sleeves and starting. 
