This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.
Regulatory compliance isn't exactly the most exciting topic; however, it is one of the most important. After all, failing to meet compliance requirements can result in harsh penalties, including hefty fines. Not to mention, compliance standards such as PCI DSS, Sarbanes-Oxley, GDPR and HIPAA are designed to ensure the security of your data and the potentially sensitive information it holds. On top of this, government regulations such as the Personal Data Protection Act (PDPA) in Singapore aim to protect data from prying hands -- be they companies or cyber criminals; a recent development of the PDPA may mandate organisations to inform customers of personal data breaches as soon as they are discovered.
With that in mind, here are three key things you should remember when it comes to regulatory compliance:
1. Compliant doesn't equal secure
Being compliant is one thing, but being secure is something else entirely. Think of all the high profile data breaches we have seen over the past few years. How many of those companies were "compliant"? Well, quite frankly, all of them had to meet regulations and many did so successfully. Yet they still made data breach headlines.
Thus, it is important to not fall into the trap of thinking that if one adheres to compliance requirements, security is guaranteed. In fact, many regulatory bodies are now making a point to educate organisations that the compliance standards they oversee will not always ensure their company data is secure. You should think of regulatory compliance as a starting point.
Having the right talent to manage such situations is also just as important. According to a recent study conducted by SolarWinds, nearly two-thirds (61 percent) of IT professionals in Singapore indicated that hybrid IT has required them to acquire new skills, while 11 percent say it has altered their career path. These statistics clearly indicate that there is a need for a higher skilled workforce to tackle difficult environments, on top of hiring individuals that can untangle sticky situations.
2. Forget about breach shaming, have a sense of breach sympathy
Due to the global data breach disclosure laws now in place, and with the upcoming Cyber Security Bill in Singapore, we bear witness to new (and sometimes old) breaches, which are not often lost in the coverage, alongside commentary on compliance.
These reports traditionally question the competency of the affected organisations (this includes the recent attacks in Singapore, such as the breaches at NTU and NUS), thereby essentially breach shaming the organisation. Collectively, we need to get to a point where we have more breach sympathy instead: "If it can happen to company XYZ, which was compliant, it could happen to us."