The Importance of Compliance in Cybersecurity: Compliance??? Isn't That Just Paperwork?
much
Incidents of cloud systems having their data stolen,
held hostage, leaked or destroyed are accelerating.
2019 data breaches include:
As a result, almost all organizations understand the
importance of implementing robust cybersecurity for their
cloud systems. Most organizations make sure they have
good access controls, antimalware, intrusion prevention,
monitoring, logging, and alert systems. Many organizations
have the extensive QA testing procedures required to keep
their systems continually updated with the latest patches.
Some organizations continually train their employees so
that as cloud technologies rapidly evolve, their staff
understands how security protections must evolve with
them. A few organizations take cybersecurity a step further
and focus on compliance.

Compliance??? Isn’t that just paperwork?

Compliance to a cybersecurity standard means successfully
passing that standard’s annual third-party security audit.
For an organization’s IT department, a focus on compliance
amounts to an understanding that no matter how talented
their security team may be, their organization’s
cybersecurity will benefit from the close scrutiny of
third-party experts. For an organization’s sales teams, the
certification or authorization that comes with passing an
audit is a key element in assuring their customers that their
cloud systems are protected. Don’t take our word for it –
take the word of the third-party auditor.

more prescriptive. Some standards like FedRAMP are still
more prescriptive and involve more oversight. Customers
that understand these differences place higher value on
cloud systems that are compliant with more prescriptive
cybersecurity standards.

Here’s an example. Multifactor authentication (MFA) is one
of the best protections against a wide range of
cybersecurity attack vectors. What do ISO 27001, HITRUST,
and FedRAMP require regarding MFA? ISO 27001: No
requirement. HITRUST (level 2): “Multi-factor
authentication methods are used in accordance with
organizational policy”. FedRAMP: “The information system
implements multi-factor authentication for network access
to privileged and non-privileged accounts.” In other words:
no requirement vs. at your discretion vs. required for all
users. So compliance to a higher standard can give an
organization’s customers an assurance of a higher level of
cybersecurity.