Simply Security - News, Views, and Opinions from Trend Micro

Posted on June 15th, 2012 in Compliance & Regulations by Simply Security | Be the first to comment | Tags: Compliance & Regulations

Compliance initiatives need to change with today's evolving IT landscape.

As the digital landscape evolves and becomes a more important part of everyday business operations, rules and regulations regarding innovative technologies also change. It is important that CIOs responsible for maintaining order in the technological era keep up with changing compliance standards, thereby mitigating concerns related to breaking ethical or legal policies.

According to a new study by PricewaterhouseCoopers (PwC), compliance departments in the majority of today's businesses are primarily responsible for virtually every risk or regulatory issue encountered in the enterprise. This includes but is not necessarily limited to supply chain problems, social media and data security.

While these concerns may not have been too problematic in the past, new challenges have recently risen and introduced complications to the private sector. PwC noted that a major issue is the continued use of fragmented IT systems. This problem grew from the demand to implement innovative strategies like cloud computing, virtualization and BYOD (bring your own device) without much planning, causing regulatory issues to crop up throughout the company.

The study found that the ongoing and unpredictable economic climate, constrained budgets and shifts in compliance requirements have also introduced new challenges for the CIO.

"Technology is still not enabling governance, risk and compliance the way it could," PwC Advisory practice principal Sally Bernstein said. "Many companies are still not leveraging for efficiencies. Even worse is that at the same time, technology – social media and the explosion of data and devices – is making compliance more complex."

The study found that compliance initiatives are improving, however, as nearly three-quarters of U.S. companies have a regulatory committee, compared to only 57 percent in 2011. Meanwhile, 78 percent of survey respondents expect audit committee demands to become more strict in the coming years, as only 35 percent of decision-makers are extremely satisfied with how well internal audits assess risk and compliance demands.

A separate report by Pharmaceutical Compliance Monitor noted that businesses will need to adjust compliance strategies to address cloud computing, which has become a technological initiative for virtually every company looking to remain competitive. Since the cloud has changed the way businesses purchase, use and maintain IT services, there is a growing need for organizations to adopt new compliance practices to ensure the quality, integrity and reliability of the cloud infrastructure without sacrificing data protection or efficiency.

Furthermore, the cloud promotes remote working and mobility much more than traditional IT services. As a result, companies that extend beyond a single country's borders need to ensure that regulatory requirements are met in both countries, not just the one where the cloud is hosted. This is one of the reasons why cloud adoption in Europe is trailing behind other regions around the globe.

According to a recent study by Gartner, the diverse and changing data privacy regulations landscape across Europe's 44 countries is one of the continent's major inhibitors to cloud adoption.

The same concept extends to virtually every branch of IT: compliance is essential to keeping up with data protection and mitigating risk. Knowing this, decision-makers are changing processes. According to PwC, 21 percent of respondent said compliance budgets have grown from $3 million in 2011 to $10 million in 2012.

"Despite the positive changes in many areas, there is still room for improvement. Eight percent of companies have no formal chief compliance officer at all," Compliance Week editor-in-chief Matt Kelly said. "We are indeed moving in a good direction but much remains ahead to achieve a truly strong, flexible and effective compliance program."

Security News from SimplySecurity.com by Trend Micro