sb-au logo
Story image

Cyber-attacks thrust IT compliance to the top of the business agenda

10 Aug 2020

Article by Stax founder and CPO James Coxon.

With companies accelerating their digital transformation efforts thanks to COVID-19, many may assume compliance would fall to the bottom of the to-do list. But cyber-attacks, such as the one reported by the Australian Government last month, only highlight the need for companies to ensure their compliance is watertight.

If an organisation is running on the cloud, its ecosystem has to be compliant with industry standards and frameworks. Here are some tips on how to ensure compliance processes are fit for purpose.

Start and start now

As the Chinese proverb goes, “The best time to plant a tree was 20 years ago. The second-best time is now”. The same goes for compliance. 

However far along the compliance road the organisation is, there is no better time to focus on making sure the entire ecosystem is secure and compliant than now.

Sometimes compliance can feel a bit daunting, but there’s no need to boil the ocean. Get started by breaking the project up into digestible chunks of action and start with the low-hanging fruit. 
 

Review and rejig

Start by reviewing the compliance processes already in place. 

Even if there already exists a robust and sophisticated system, given the recent pandemic-related changes, everything needs to be examined through the microscope of the ‘new normal’ to determine whether it is still fit for purpose. 

Dedicate time and people to reviewing that the organisation is still safe. The chances are, something will have changed and that will require an extension of the current toolset and process, or augment what is already in place with more fit-for-purpose capabilities. 

If the organisation was forced suddenly to operate in a cloud environment as a result of COVID-19, the appropriate tools might not be in place at all. In which case, it will be more likely that help will need to be sought from an appropriate specialist.  

Test and measure

Whether the organisation has a major ‘next-generation’, large-scale compliance project, or a small selection of tools, this step is critically important. 

The only way to have confidence that the organisation is compliant is to test the system out. Testing is the only way to discover if the system is working and to uncover any errors. Depending on the results, IT teams can adapt the system accordingly. 
 

Visibility is key

It goes without saying that large numbers of organisations are moving into the cloud to facilitate staff working from home thanks to COVID-19. 

Using an automation platform gives organisations visibility and insight into the cost, risk, quality and compliance of their AWS deployments. 

By making the cloud tangible and visible, and aligning management of AWS to business metrics, IT managers can take full advantage of the services and features available to them.
 

Regulatory requirements

There are huge numbers of regulatory requirements for businesses and knowing where to start can be overwhelming. However, many regulations are not very prescriptive in terms of particular processes and measures organisations are required to follow. 

More often, businesses are required to demonstrate they are able to trade in outside a BAU state. With that in mind, ensuring the appropriate disaster recovery and businesses continuity processes are in place is key. 

Compliance is daunting for many and it can be difficult to know where to start. Sadly, there is no quick and easy route to ensuring compliance. 

Don’t waste time hunting for the silver bullet – it doesn’t exist. It’s about rolling up your sleeves and starting. 

Story image
Ensign and Cybereason expand security offerings with partnership
Partnership enables mutual customers throughout APAC to access managed detection and response capabilities.More
Story image
Sophos unearths origin of prominent cryptominer
The cryptominer was recently discovered when attackers targeted internet-facing database servers (SQL servers), and the MrbMiner was downloaded and installed.More
Story image
SMEs treading water against 'endless volley' of cyber-attacks — report
According to a new report from Cynet, these SMEs are resorting to outsourcing some aspects of their threat mitigation in order to safeguard IT assets, as a result of the heightened risk of serious breaches.More
Story image
Entrust acquires HyTrust, with aim to improve data encryption solutions
Entrust says the acquisition will bolster its effort to deliver data protection and compliance solutions to its customers, while accelerating their digital transformations.More
Story image
As digital transformation grows in A/NZ companies, misconceptions about their role in cloud security abound
While an 81% majority of A/NZ organisations are accelerating their digital transformation, a giant 99% of surveyed respondents say they believe their cloud security provider provides enough protection, according to a Trend Micro study. More
Story image
Australian Department of Defence renews license with archTIS for NC Protect
"This is an exciting time for archTIS as it continues to successfully execute our strategy to become the global leader of policy enforcement in the protection and sharing of sensitive and classified information.”More