Is your compliance on cruise control?

The recent airport security breach has once again intensified security controls at airports worldwide. I see this and I immediately think of the parallels with IT security compliance and how we approach it. An IT audit looms, a data breach is reported, or our system is compromised, and like TSA officials we go into overdrive. What happened in all the prior weeks and months? Security took a recess. We put security programs in place, test them, tweak them and then promptly forget about them. There seem to be two extremes: standstill or overdrive. How do we fix this?

Looking at the standstill phase, I see complacency. Our audit is over, we passed with flying colors and the board is appeased. Unfortunately, security threats keep morphing and growing, and are constantly trying to find or create holes in our IT security armor. Then we have overdrive. This wreaks havoc on our budgets, our resources and our employees. Therefore we must find a balance: continuous compliance.

If security awareness and levels are maintained daily at airports across the world, the likelihood of terrorists walking jauntily onto airplanes is slim. So too with our IT security initiatives; we need a proactive approach to regulatory compliance. We should ensure that we are not just compliant but secure, daily, thus avoiding the potential breaches that complacency exposes us to, as well as the increased cost that overdrive imposes on us. What we need is cruise control. This way, we maintain our security initiatives daily. Even though you’re in cruise control, your hands are on the steering wheel and you never take your eyes off the road. You may need to tap the brakes or speed up, but you maintain a set speed. Is your security program on cruise control? The road ahead is filled with cloud computing and social media risk and policies. Are you looking at the road and the possible threats? Are you continuously compliant? We would love to hear what you are doing to ensure your organization is continuously compliant. Please leave your comments below or contact us here if you need assistance in establishing a continuous compliance program.