Results of a survey of more than 200 technology professionals charged with maintaining compliance at companies with more than 2,000 employees in the healthcare, retail and financial services industries reveal that almost all respondents lack confidence in their ability to address and manage governance, risk and compliance (GRC). It’s no secret that today’s complex GRC landscape is a challenge to understand, implement and maintain, especially in regulated industries, where compliance and security teams are likely to be independent of each other. IT professionals face an uphill climb to maintain environments held to standards set by external regulatory control, as well as to meet internal policies and best practices set forth by the organisation itself. Controls required by regulatory agencies are not a one-time implementation. Rather, they represent a set of minimum, usually security-based standards that must be maintained and updated at all times to keep the company prepared in the event of an internal or external data breach, which can happen at any time, with little warning.
Some eye-opening findings of the Dell Software commissioned Dimensional Research survey include:
o 83 percent of respondents believe their organisation’s security would be improved if the security and compliance teams worked more closely and shared more information
o Fewer than 50 percent said that employees who add new data sources to the environment for compliance and security purposes take the time to inform the security and compliance teams about the new data
o 59 percent of respondents cited limited manpower, and 49 percent cited growth in the amount of data, as the number one and number two causes for concern in meeting GRC objectives
· Organisations are concerned about their ability to prevent unauthorised access and changes to sensitive data, setting them up for a potential data breach.
o 93 percent of respondents are concerned about their ability to prevent unauthorised changes
o 22 percent are concerned about unauthorised internal access by employees or consultants
o 61 percent are concerned about both external and internal unauthorised access
· Organisations are not confident they are capturing all compliance data needed to maintain regulatory standards, and a large percentage have no consistent process for managing the volume of data required for regulatory control.
o Fewer than 50 percent of respondents proactively review, add or remove data sources that are no longer required, putting a large portion of organisations at a much higher risk of security threats while they believe they are compliant and secure
o Only 11 percent of respondents are very confident that their organisation is capturing all the data necessary to detect, investigate and determine the root cause of an incident or data breach
o Fewer than 50 percent of respondents have a consistent process in place for adding regulatory data sources
Organisations must develop a comprehensive GRC strategy to mitigate the risk of a costly data breach.
A solid governance, risk and compliance strategy calls for compliance and security teams to work together and share information. This helps to ensure your organisation is continually compliant, has the maximum level of protection from breaches, and is prepared to handle a potential data breach effectively. Dell Software recommends that IT organisations get a better understanding of the value of closer alignment between compliance and security teams and of the importance of sharing regulatory information across the teams. There are benefits to regularly and proactively reviewing the data sources collected, getting rid of the old ones, and ensuring the right people have the right access to the right information. Remember that de-provisioning is more important than provisioning. Managing access rights properly also creates an opportunity to share data without granting access to the collecting application or infrastructure, and without revealing how the data was collected. Finally, don’t forget privileged accounts. With access to mission-critical applications and data such as credit card information or patient history, these powerful accounts are highly sought after by external and internal threats alike. It is critical to understand which privileged accounts exist in any organisation’s environment, as well as the dangers of setting up access controls and privacy in an inconsistent manner.
Dell Software solutions boost organisations’ confidence in their ability to protect sensitive company data and avoid costly data breaches
Dell Software’s compliance and identity and access management (IAM) solutions help maintain continual compliance and protect the organisation by giving business owners control of access to sensitive data for internal users, external users and privileged users. Dell solutions help IT organisations feel confident in their processes for managing the wealth of regulatory data sources, in the permissions and access methods for all systems and data that must be accessed for day-to-day operations, and in their ability to proactively maintain continual compliance.
· Dell ChangeAuditor is a compliance solution that helps IT staff and security and compliance officers audit, alert and report on user and administrator activity, configuration and application changes in real time across the Microsoft-centred enterprise from one central console, giving auditors and internal stakeholders proof that compliance and security policies are enforced throughout the organisation.
· Dell One Identity Manager automates and streamlines access governance, protecting the organisation by giving access control to the business owners who know who should have access to which sensitive data, and automates the request-and-approval workflow and attestation/recertification processes, reducing the burden on IT.
· Dell One Identity Privileged Password Manager ensures that all administrator access is appropriate, approved, and that all activity is tracked and audited.
· Dell One Identity Cloud Access Manager ensures that access to web-based resources is appropriate and auditable, and that it follows a unified security policy for users of all types (internal, remote, mobile, and partner/customer).
· Dell Recovery Manager for Active Directory enables IT to maintain maximum Active Directory uptime and prevent productivity losses due to human error or hardware/software failures.