Corporate Compliance Insights

5 Upcoming Trends in Compliance

Taking on Heightened Security and Privacy Concerns

by Adam Shnider
January 21, 2019
in Compliance, Featured

2018 demonstrated that cyber threats are far from being tackled. Coalfire’s Adam Shnider discusses how in 2019, we can expect compliance and governmental bodies to set the bar even higher to protect data.

While it may appear that enterprise security teams and compliance frameworks have stepped up their game to address cybersecurity risk, this past year evidenced the fact that cyber threats are as present as ever. We predict the following compliance trends will rise to the top in 2019:

1. Compliance in the Cloud

For years, companies have been diving deeper into the cloud, moving more critical functions over for the scalability, efficiency, effectiveness and usage-based pricing models it affords. Yet many enterprises have been hesitant to move functions requiring security compliance into cloud solutions. In 2018, we saw more companies get comfortable leveraging the tools, features and functions native to cloud service provider (CSP) offerings, moving more regulated functions to cloud-based services. Expect this trend to continue and escalate in 2019 as CSPs demonstrate their high level of security and compliance expertise in their native environments.

It will not stop at moving the functions, though. Organizations that move to the cloud to really leverage its benefits will be re-engineering their technology stack to take advantage of the elasticity the cloud provides. That requires a whole new skill set for deploying infrastructure as code, and doing this with security in mind will be an absolute necessity for protecting data and meeting compliance requirements.

2. Privacy Gets Hotter, Merges with Security Efforts

Before companies mined and shared customer data for targeted marketing and other uses, security efforts addressed privacy concerns by building security controls to ensure the confidentiality of data (as part of the Confidentiality, Integrity and Availability [CIA triad] charter of cybersecurity). Once data sharing and big data analytics became a modus operandi and individuals’ desire to have their data deleted and “forgotten” was supported by regulations such as GDPR, cybersecurity measures didn’t go far enough to address privacy.

Today, privacy continues to heat up globally, with new regulations in Brazil and, at the U.S. state level, regulations like the California Consumer Privacy Act, with others likely on the horizon at both the state and federal level. The lines between security and privacy are blurring yet again; in meeting GDPR, companies must demonstrate adequate security measures to protect consumer data. In meeting compliance regulations, such as GDPR, many of our customers are taking the additional step of addressing all relevant privacy and security regulations simultaneously. Expect to see privacy regulations continue to expand in 2019 and security and privacy continue to merge, as these regulations focus not only on the confidentiality of the data, but also on the right of the consumer to gain access to their data (availability) and ensure its accuracy (integrity), as well as the right to be forgotten.

3. Automation

Along with the move to the cloud and building infrastructure from code, companies will look to automate the validation process by embedding into their architectures ways to gain visibility into the routine, repeatable and predictable parts of compliance. This will allow companies to understand their security in these areas on an ongoing basis. It will also help streamline the validation process: teams can review dashboards and output from the environment rather than perform manually intensive sampling reviews, which are becoming much less relevant and effective as environments become more dynamic with newer technologies. By embedding automated dashboards into the enterprise security monitoring architecture, organizations can not only streamline their annual compliance efforts, but also have real-time visibility into their security status.

4. Simplification of Assessments

“Audit fatigue” isn’t just a catchy marketing phrase, it’s a reality for many enterprises. Many organizations today have to comply with multiple regulations and requirements, and as companies continue expanding into new regulated markets, they will be faced with new compliance frameworks — and it is likely to get even more complex (who would have thought 10 years ago that large retailers would be selling medical services and requiring HIPAA assessments?).

Conducting assessments and compliance cycles separately is not only time-consuming, it’s incredibly inefficient considering the many overlapping operational components that exist to manage the systems that support each set of data across the frameworks. In 2019, look for enterprises to align their assessment and compliance cycles, and expect a single assessment to be performed that can cover all of the requirements at one time for greater efficiency, cost savings and improved resource usage, allowing enterprises to focus the lion’s share of their year on other business drivers.

5. Emerging Tech Meets Compliance

As emerging technology goes mainstream, regulatory bodies begin to increase their interest in understanding the risk and determining changes to existing or new compliance requirements. We are on the cusp of seeing regulation around emerging tech, such as IoT, blockchain and artificial intelligence (AI). NIST recently released the draft report, “Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks,” to help federal agencies understand and manage device cyber risks. It is the first of a series of IoT documents; more will follow and become more specific on various aspects of IoT risk. We also closed out 2018 with the announcement of a new U.K.-based voluntary cybersecurity standard for the manufacturers of autonomous vehicles. We predict 2019 will see more orchestrated efforts to employ security standards on these technologies to ensure a baseline of controls is applied to their implementations in regulated environments.


Adam Shnider

Adam Shnider is the Executive Vice President of the Commercial Services at Coalfire. He has extensive experience in information security leadership, audit and assessment planning, enterprise risk management and helping clients meet compliance readiness requirements. He holds numerous industry certifications, including Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM).
