6 Steps for Ensuring Continuous Compliance in a Complex, Hybrid IT Environment

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10
Next 6 Steps for Ensuring Continuous Compliance in a Complex, Hybrid IT Environment-5 Next

Security Gaps

Identify security gaps and align to the policy.

At this stage, CISOs should consider the organization's unified security policy the "desired" state of the network, and not necessarily the "actual" state of the network. The actual state comes from the segmented network topology that was modeled in step 2. This is when it's necessary to compare the two. Chances are, they will not be identical. Identify any security gaps that exist between the two and take measures to close those gaps. Continuing with the previous hypothetical PCI example, the "desired" state is that no other application has access to the network segment where your payment process application is stored. After comparing your model to the actual state of your network, you learn that a marketing application also resides on that portion of the network in order to have occasional access to customer data from the payment application. Not only is this a significant violation of PCI DSS, but it also puts the enterprise at risk for a costly data breach. This condition should be flagged for remediation immediately.

CISOs and their network security teams are under increasing pressure to adhere to an expanding "alphabet soup" of regulatory requirements that have a direct impact on the enterprise network. On top of that, every business has its own internal policies and best practice workflows to follow. One way to reduce the compliance enforcement and audit-readiness burden is to work toward the goal of continuous compliance — attaining a state where all compliance requirements are met, and then continuously maintaining that state.

Even with the many challenges of managing today's complex IT environment, it's possible to achieve continuous compliance through proper organization, thorough processes and technology automation. In this slideshow, Ellen Fischl Bodner, Tufin, has identified six steps that are critical to ensuring continuous compliance.


Related Topics : A Big Market for Big Data Jobs, Midmarket CIO, IT Management Automation, SharePoint, Technology Markets

More Slideshows

142x105itbeusasecurity2.jpg 9 Predictions for Cybersecurity’s Role in Government and Politics in 2017

Experts predict how cybersecurity will affect and involve our government, policies and politics in 2017. ...  More >>

Five9RemoteEmployees0x 5 Best Practices to Enable Remote Workers

Recent years have seen a significant increase in the remote workforce as developments in technology have given employees the freedom to work anywhere, anytime. ...  More >>

DataM62-190x128 10 Steps for a Proper Data Governance Plan

Establishing a digital governance plan can be a challenge, but with the right education and tools, the job can be made a lot simpler. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.