Perhaps once distinct teams within organizations, security and compliance functions today go hand-in-hand — or at least they should, writes Sumo Logic CSO George Gerchow.
Data breaches continue to wreak havoc on today’s enterprise, with rising stakes of both cost and reputation. To help combat this challenge, we’re seeing more government regulations across industries create a compliance roadmap for IT security. To add to the pressures of security and privacy, the skills gap is widening and is being compounded by layoffs in the technology industry.
To protect against the increase of threats in the enterprise and meet new compliance standards, security and compliance teams need to better align. Our recent report found that split and shifting priorities continue to plague security and compliance teams. The report found that 76% of security teams have significantly or completely shifted their organization’s security strategy for regulatory and compliance priorities. This has resulted in many companies having security teams take on privacy controls if/when necessary. Less than half companies (40%) said they have suspended or postponed security projects to address compliance issues, which has resulted in putting security in the backseat.
The reality is that companies are still trying to find the split between security and compliance. But this strategy has to change. There are two simple steps that companies can take to merge budgets and create team collaboration to align security and compliance initiatives.
Let’s face it: Nobody wants to be audited. For the average Joe, an IRS audit is a hassle (at best). And in the corporate world, the word itself is sure to draw ire. But Drata’s Troy Fine talks about the nuances of cybersecurity audits and why companies should welcome rather than fear them.Read more
Merge security and compliance budgets
Security and compliance initiatives are equally important to securing and protecting today’s workforce and should not be siloed. However, when budgets are allocated, one division usually gets more resources. When security and compliance teams have a unified strategy and budget, it allows for each team to focus on what they do best — fighting threats and navigating increasing government regulatory pressures.
Currently, 86% of technology leaders in our survey said they plan to make a significant investment in compliance solutions and data privacy in the future, while just over half (52%) will make a significant investment in a security management suite. By merging budgets, security and compliance teams can invest in comprehensive solutions to unify their strategies.
Security and compliance practices have demonstrated that they are meant to go together. It’s hard to run one cyber division successfully without the other.
Unite teams with collaboration tools and unified responsibilities
More organizations are under regulatory scrutiny, and companies cannot afford to stray from protocol, making compliance a business-driven initiative that funds security. Therefore, compliance and security teams need to remove communication silos and learn to work together to tightly manage security and compliance.
As a first step to boost team collaboration, security and compliance team members need to understand one another’s clear and defined roles and use shared collaboration tools like Slack or other instant-messaging apps. Once aligned on roles and responsibilities, I recommend documenting them in this shared space so it’s easily accessible by teams and can be regularly updated. By merging collaboration tools, security and compliance teams also gain greater visibility into similar challenges, a better understanding of one another’s policies and remove doubled-up oversight to create cost efficiencies.
Once security and compliance teams are regularly communicating, I like to give them both opportunities to overcome hurdles and work on projects together. One simple way to engage teamwork between security and compliance is through employee awareness training for both data security and privacy. Working closely with the compliance team, the security team can update security awareness programs to include privacy concerns and responsibilities impacting the company.
If security and compliance IT teams unify their resources and goals, they will be able to solve compliance challenges, while protecting against cyberattacks.