IT compliance. It’s a phrase that resonates throughout every enterprise today, from the data center to the boardroom. And it’s not hard to see why. In just the last few years, IT compliance has emerged as an ongoing, critical business function that has a profound effect on an organization’s growth and success. IT compliance may be interpreted in numerous ways, but the purpose of an increasing number of recent regulations, industry standards, and best practices frameworks is to achieve a common result: to preserve the security, the availability, and, ultimately, the integrity of business information.
This article looks at some of the principal challenges to sustained IT compliance, and how an automated solution can help enterprises effectively govern their compliance efforts, while at the same time reducing cost and inefficiencies.
Managing compliance amid multiple regulations
As any IT professional knows, enterprises today are under increasing regulatory pressure — the governance requirements of Sarbanes-Oxley, the privacy requirements of HIPAA, the homeland defense measures of the USA Patriot Act, the European Data Protection Act, and the Basel II Accord, to name just a few.
Moreover, it’s often the case that an organization is subject to more than one regulation. In fact, in a recent survey conducted by SecurityCompliance.com, 70% of the companies surveyed reported being subject to multiple regulatory compliance mandates.
With so many organizations struggling to meet audits that must satisfy multiple mandates, it’s no surprise that vast amounts of IT resources are being spent to demonstrate IT compliance. SecurityCompliance.com estimated recently that, on average, 34% of IT resources are being spent on meeting multiple regulatory compliance demands.
Why such a high percentage? Because in too many cases manual or ad hoc processes are woven through the entire IT compliance process. And manual processes are labor-intensive, error-prone, and not easily repeatable.
In addition, compliance initiatives managed by different groups in separate departments can mean duplicative efforts to test and measure the same IT control function across the organization.
The result, in all these cases, is a waste of resources.
“That’s why you need automated processes,” says Arshad Matin, vice president, compliance and security management, at Symantec. “Otherwise you’re just barely going to pass an audit, at best, and at an exorbitant cost.”
The email and messaging challenge
Complicating every organization’s compliance effort even further is the need to properly manage email and instant messaging data. The staggering growth of corporate email and IM volumes in recent years only underscores the challenge. According to a survey conducted earlier this year by Osterman Research, the typical user in a large organization sends or receives 85 emails each day, or more than 22,000 emails every year.