Debunking The Myth That Greater Compliance Makes IT More Secure

By Louis Columbus on June 22, 2020

Audits, the most consequential compliance event of all, are prepared for months in advance. Governance, risk, and compliance (GRC) teams go to Herculean efforts to meet audit prep timelines, working nights and weekends.

Wanting to learn more about the relationship between GRC and cybersecurity strategy, I searched for webinars on the topic. I found Improve Your Compliance Posture with Identity-Centric PAM, a recent on-demand webinar offered by Centrify. The webinar raised several interesting insights, including the pains businesses share across compliance and cybersecurity, which nonetheless require significantly different approaches to solve.

Bottom Line: Excelling at compliance does not protect any business from being hacked, yet pursuing a continuous risk management strategy helps.

Rationalizing Compliance Spending with Cybersecurity

The reality is that companies are trying to justify the high costs of compliance by looking for ways GRC spend can also improve cybersecurity. Marriott, for example, is an excellently managed company that sets standards in compliance, and it was still breached.

Why are companies assuming GRC spending will improve cybersecurity? It's because both areas share a common set of pains that nevertheless need different solutions, according to the webinar. These pains include:

Updates to regulations are increasing sharply, averaging 200 or more per day from around 900 oversight bodies worldwide, resulting in a rapidly changing, heterogeneous landscape. Dr. Torsten George, Cybersecurity Evangelist at Centrify, said that when he worked in the GRC space, the midsize clients he worked with had to manage 17 different regulations. Larger companies operating internationally are dealing with, on average, 70 or more regulations they must stay in compliance with. Dr. George provided a summary of the compliance landscape, distinguishing between the levels of compliance requirements every organization must abide by, which is shown below:

The lack of continuous risk monitoring by GRC teams, and of identity management by IT cybersecurity, leads to systemic failures both in achieving compliance and in securing an organization. Identity-Centric Privileged Access Management (PAM) offers GRC and IT professionals mutual benefits when it comes to becoming and staying compliant, and it shows how securing the enterprise drives better compliance, not the other way around.

Compliance is, by nature, reactive to a known, scheduled event (the audit), while cybersecurity must react to unpredictable events (cyberattacks). GRC teams need to ramp up their staff and equip them with the apps and tools they require at least six months before an audit. For cybersecurity, the threat arrives at random and will most likely be more serious in terms of financial loss. Preparing for each takes entirely different strategies.

Manually updating compliance mapping tables that show the interrelationships of requirements by industry is not scaling, and it is leaving gaps in GRC coverage. The more regulated an organization is, for example one manufacturing medical products, the more important it is to automate every aspect of compliance.

How To Resolve The Conflict Between GRC and Cybersecurity Spending

According to the webinar, 80% of today's data breaches are caused by default, weak, stolen, or otherwise compromised credentials. The best efforts of GRC and cybersecurity strategies therefore need to go to securing privileged access first. The webinar makes a strong argument for prioritizing privileged access security as the initiative that can unify GRC and cybersecurity strategies.

Key insights from the webinar include the following:

Industry standards and government regulations are mandating identity and access management as a requirement, with many specifically calling out privileged access controls.
Identity-Centric Privileged Access Management (PAM) approaches help meet compliance mandates while at the same time hardening cybersecurity down to the threat surface level.
Achieving greater compliance by taking an Identity-Centric PAM approach ensures that machines have secured identities as well, and that the use of anonymous accounts (accounts not tied to an individual) is restricted to break-glass scenarios only, while organizations otherwise leverage enterprise directory identities for authentication and authorization.
Improving accountability and segmentation by establishing granular security controls and auditing everything helps bridge the gap between GRC and cybersecurity efforts.

Continuous risk management is crucial to excelling at compliance, just as protecting privileged access credentials is foundational to an effective cybersecurity strategy. Dr. Torsten George ended the webinar by saying, “In the long term, I believe that the present scenario that we're handling and its associated spike of cyber-attacks will lead to even more stringent compliance mandates, specifically when it pertains to securing remote access by crucial IT stakeholders and outsourced IT.” The bottom line is that compliance and cybersecurity need to share the common goal of protecting their organizations' privileged access credentials using adaptive approaches and technologies if both are going to succeed.
