
Essentials For Succeeding At Compliance

It's hard to find a security vendor that doesn't tout its products as crucial for compliance. Don't buy into the hype.

Antivirus tools and other security software will always play a big role in compliance, especially for companies that hold the "two big species of data that matter now"--customer and financial data--but there's no magic bullet, says Dave Stampley, general counsel and compliance specialist at IT consulting firm Neohapsis. "I understand that marketing requires attention-getting language," Stampley says, "but there's no such thing as software that makes your company compliant."

That's a job for IT. The good news is that organizations with strong security infrastructures and policies may need few changes. The bad news? You can't take for granted that your systems are up to par. We spoke with information security professionals who've gotten a grip on compliance, and we found two key directives: First, team up with business execs and legal experts to analyze which data falls under regulatory purview. This exercise is akin to a risk-management evaluation.

Second, audit partners and third-party providers to ensure that their controls meet your standards. Security pros say this exercise can be an eye-opener. If providers won't bring their systems up to your standards, look for new partners.
