CMP Network Computing
Log In to Network Computing
   Techweb
 
Top 11 List Security Channel SpamOmeter Internet Threat Level
Live Lab Cams Storage Channel IT Pro Downloads Network Design Manual
 Site Map |  What's New |  Current Issue |  Past Issues |  Article Index |  Newsletters |  Content Feeds |  Subscribe
Welcome to Network Computing Networking News Product Reviews, Sneak Previews, Analysis Workshops, Primers, Tutorials Site Content According to Technology Covered Forums, Blogs, Opinions Site Tools for IT Professionals Centerfold Case Studies Interactive Buyer's Guides


IT Knowledge Made Simple
Stay on top of strategic IT infrastructure trends with our special IT StrategyCenter, powered by StudioOne Networks.
Regulatory Resource   Threat Intelligence      Resilient IT      Boardroom Strategies      
Resilient IT / Analytics and ROI

Making Compliance Part of the "IT DNA"

By Tom Schmidt

For today's enterprises, meeting the requirements of a variety of technical standards, IT governance frameworks, and laws related to security and administration have become a significant challenge. And as numerous industry experts have observed, the pressure to demonstrate compliance with such mandates will likely increase in 2007.

Today's compliance market is similar to the security market of the mid-1990s. Security used to be an afterthought. Companies built their networks and their IT infrastructure without very much thought of security. Once threats and vulnerabilities began to rise in the late '90s, the need for security was better understood. So security got bolted on, and today security is very much engrained in the IT fabric. Compliance is evolving the same way. In most cases, IT infrastructure, processes, and operations weren't built with compliance in mind. But with an increasing regulatory environment, companies have had to adapt very quickly. So today compliance is bolted on, but in the near future policy compliance will become part of the IT DNA.

A "top of mind" issue
Compliance is now a "top of mind" issue for enterprise customers, who are eager to reduce the cost and complexity associated with regulatory compliance through automation.

Software can be used to automate repetitive manual processes. More software equals fewer people, which in turn equals lower costs.

That equation appears to be underscored by the latest (2006) Ernst & Young Global
Information Security Survey, which found:

  • The impact of compliance continues to grow.
  • Compliance is promoting teaming between information and other functional business groups.
  • Compliance is improving information security.

The IT Policy Compliance Group's benchmark report (February 2006), which examined differences between leaders and so-called "laggards" in achieving compliance. According to the report, the three major drivers of performance results in achieving IT compliance are:

  • Frequency of internal audit and IT security monitoring Leaders audit for compliance on a continuous basis, at least once a month.
  • Time allocated by IT to compliance Leaders are spending 50% more time on compliance than laggards.
  • Spending on IT security Leaders spend 10% of the IT budget on IT security, while laggards spend less than 7% on IT security.

Conclusion
With high-profile data breaches and regulatory pressures showing no signs of diminishing, enterprises have a vital role to play in educating employees about the importance of good IT compliance and governance. For these organizations, policy compliance can truly become part of the IT DNA.

Tom Schmidt writes frequently about information security topics. He has more than 15 years' experience as a writer and editor in high-tech publishing.

IT Strategy Center is a daily editorial resource offering innovative insights and strategies for building an integrated, secure and resilient IT infrastructure.

Articles by Topic
Network and Infrastructure
Analytics and ROI
Strategies
Related Content

Features

View More


Metrics

View More

Fast Fact

Leaders spend 10% of the IT budget on IT security, while laggards spend less than 7% on IT security.

-- IT Policy Compliance Group's benchmark report (February 2006)
Sponsor Tools

White Papers

View More


Resources
Podcast Audio Content

CIO Strategy Center is now available in audio format.

This week's feature topic is:


CIO Interview: CIO of Port of Portland, Michelle Gaines
Playtime: 7 min 59 sec



Download | Subscribe

Copyright © 2008 Studio One Networks. All rights reserved.
Advertisement
Site Navigation
Home | Article Index | Newsletters | RSS Feeds | Site Map | IT Tools | Reviews | Technologies | Workshops/Tutorials | News | Forums/Blogs/Opinion | Bookstore | Jobs | RFP/RFQs | White Papers | Audio | Downloads | Editors | Webmaster | Sales and Marketing | Magazine Media Kit | Online Media Kit | Events | Reprints | Editorial Calendar
Technology News and Opinion
Small Business Pipeline | IT Utility Pipeline | Business Intelligence Pipeline | Desktop Pipeline | Compliance Pipeline | Server Pipeline | Storage Pipeline | Security Pipline | Mobile Pipeline | Linux Pipeline | Advanced IP Pipeline
Companion Sites
Independent Testing Services | Network Magazine | IT Pro Downloads | UnixWorld | Interactive Buyer's Guide | InternetWeek | InformationWeek | Transform Magazine | Pipeline Technology Sites | Intelligent Enterprise | TechWeb | Shop-Marketplace.com



TechWeb is brought to you by CMP Media LLC, Copyright © 2004
Privacy Statement | Terms Of Service