
6 Steps for Ensuring Continuous Compliance in a Complex, Hybrid IT Environment

Slide 7 of 10

    Audits

    Be prepared for audits.

    Compliance with regulations and internal policy is validated through audits, which in and of themselves can be quite a burden on the IT group. Audit readiness takes time and money to assemble the required documentation of the current state of the network, and to validate controls through physical tests and attestations. For instance, an auditor might want to examine all firewall rules and test a portion of them to ensure compliance. There can be several audits per year as an enterprise undergoes both internal scrutiny and external assessments for separate regulations, such as PCI DSS, SOX, NERC CIP and so on. What's more, it's becoming more common today for business partners to require a controls assessment before entering into a services contract. As a result, the audit burden can be quite onerous.


CISOs and their network security teams are under increasing pressure to adhere to an expanding "alphabet soup" of regulatory requirements that have a direct impact on the enterprise network. On top of that, every business has its own internal policies and best practice workflows to follow. One way to reduce the compliance enforcement and audit-readiness burden is to work toward the goal of continuous compliance — attaining a state where all compliance requirements are met, and then continuously maintaining that state.

Even with the many challenges of managing today's complex IT environment, it is possible to achieve continuous compliance through proper organization, thorough processes and technology automation. In this slideshow, Ellen Fischl Bodner of Tufin identifies six steps that are critical to ensuring continuous compliance.