Does Compliance Equal Security | ControlScan

Watch this video to hear ControlScan CEO Joan Herbig (@joanherbig) and Jyothish Varma (@jyothishvarma) discuss the importance of a strong security posture. Data breaches in retail, healthcare and other business sectors are on the rise. What is happening and what can you do about it?

There are a couple of forces at play that are causing businesses to really look at their security situation. Companies are innovating all the time and there are many more devices at play. At the same time, the bad guys are innovating and they are very organized, they are very agile and they’re also very patient, and the malware that they’re able to develop at this point is becoming much more sophisticated.

It all started with Target, December, 2013; and 2014 was the year of retail breaches and there were about 20 major retailers that were breached and 679 known breaches with about 500,000,000 records that were published online.

In 2015 we saw a shift, in that retailers continued to be breached but about 35% of the breaches that happened in 2015 were healthcare and insurance companies. About 80% of the data out in the public domain was these healthcare and insurance providers.

You’re right about 2014 being the year of the breach, and the fact that breaches are now commonly understood. We hear about them every week in the news, and with that companies are starting to talk about them in board rooms.

I think there are three fundamental problems that a CIO faces. Number one is the ballooning cost of security. Number two is finding the right people. Number three is maintaining all the security systems consistently and keeping them up to date.

It’s getting harder and harder to hire people that understand and can evolve with the growing security threat, so for a business, what do I select as the technology and then how do I staff appropriately in order to make it all work together?

From a compliance perspective we’re seeing that many of the compliance standards, while we talk about them becoming more simple, as time goes on they’re actually becoming more complex and that creates substantial challenges for a business. Not only to understand what the requirements are but then to put the appropriate controls in place to make sure they’re compliant.

Companies think about compliance because it’s mandated, but essentially that’s like agreeing to a C-minus in a course. The reality is that they should be thinking about security as a whole rather than be just compliant or maybe secure. This has happened numerous times when many breaches have occurred. For example, Target, when they got breached in 2013 they were compliant but that doesn’t mean that they were secure.

Our roots are in the compliance area and we found that ultimately, in order for a business to be compliant, as JV said, they have to be secure. It’s only natural that you’ll be able to offer the business compliance solutions alongside security solutions. The value of what we’re doing is we’re orchestrating the two together.

ControlScan security services are pretty much all cloud based. Number one, it helps reduce the cost that the customer has to invest; they don’t have to invest in appliances that they have to house internally, so there is cost savings from that perspective. Number two, ControlScan has a wealth of security expertise that we have gathered over a period of time that we can apply to a lot of customers versus just one.

The suite of solutions that we offer pretty much satisfies all the security needs of a midsize enterprise.

ControlScan is there at every step of the way. From the moment you engage ControlScan we will have a security expert working with you either on the ground or on the phone or come to set up the security devices and set the policies and procedures to manage it appropriately over a period of time. The one stop shop to which you can escalate all your security concerns. In other words, they become your trusted security advisor.
