June 21, 2017 By Charles Kolodgy 3 min read

The Moody Blues searched for the “Lost Chord,” Captain Kirk searched for Spock and the “In Search Of” television show sought to solve unexplained mysteries. Similarly, IT and security professionals are always searching for solutions that can balance myriad standards and regulations against a continuously evolving threat landscape.

At the heart of the issue is the mantra, “Compliance isn’t security.” A quick web search returns hundreds of articles that expound on this seemingly obvious point. However, it’s time for that perception to change.

Balancing Compliance and Security

The concept of establishing and enforcing data privacy rules is not new. The rising number of regulations and standards, however, is a recent phenomenon. These controls and measures have been developed to govern the use and protection of data, which is the underlying currency of the digital age.

According to IDC’s “Data Age 2025” white paper, 16 zettabytes of data was created in 2016, and that is expected to grow tenfold by 2025. IDC also predicted that nearly 20 percent of that data will be critical to daily life.

The underlying purpose of the hundreds of worldwide standards is to regulate how data is handled and protected. Compliance is an important responsibility to clients, customers, business partners and shareholders, and it must go further than simply passing an audit and forgetting about it until the next one. It requires security systems to be in tune with the organization’s objectives.

Common Ground

The conventional wisdom is that compliance and security are in opposition to one another. However, when you consider their commonalities, they should be complementary. Compliance and security are similar in that they are necessary and costly. Furthermore, the failure of either element carries significant consequences.

Compliance is generally mandated by law, while security is usually less official. However, if you ignore security, disaster is sure to follow. Failing compliance audits can result in fines. So can security breaches, but these may also lead to reputational damage that can potentially ruin a business. And both are costly, since they require dedicated software, services and personnel to deploy and manage.

In light of these common factors, the overall strategy for managing security and governance should be unified.

Opposites Attract

Conforming to a regulatory mandate may contradict certain elements of a straightforward approach to cyberdefense, but that doesn’t mean compliance and security can’t work together. When looking at a magnet, for example, the two sides that have the same polarity will push away from each other. When the polarities are opposite, however, they come together and bond.

Compliance and security can work the same way. Although they appear to oppose each other due to differences in needs and activities, if their ultimate goals and structures are aligned correctly, they can be done in concert.

Establishing Equilibrium

Although compliance and security are not the same thing, they can coexist to create an equilibrium that allows organizations to fulfill both mandates and become strong stewards of proprietary and client data. To create this balance, companies need a holistic security strategy that prioritizes compliance as a component of the bigger picture.

IT teams should define the roles of compliance and security as “looking in” and “looking out.” Compliance is a self-reflexive process designed to ensure that internal controls and policies are being properly enforced. Meanwhile, security systems and processes protect organizations from external threats looking to steal or damage data.

It makes sense to have a unified strategy for managing security and governance. One path toward this synthesis is the security immune system, which provides an interconnected approach to data protection in a single framework. This fully integrated strategy allows various solutions to grow and adapt within an organization’s infrastructure while working together to establish equilibrium between compliance and security.

Read the white paper to learn more: Navigating the compliance maze

More from Data Protection

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today