Simple Wins for Regulatory Compliance

Regulatory compliance has become extremely complicated. Many organizations are accustomed to achieving and maintaining compliance with the “old” regulations like the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA).

However, in recent years a rash of new data protection regulations has gone into effect, and many of them have a greater scope than previous ones. In the past, an organization may only have been required to maintain compliance with regulations in its own nation or with a global scope.

Now, these new state, national, or regional regulations apply to any organization processing the data of the regulating body's constituents, regardless of where that organization is located.

As a result, many organizations are struggling with the new, patchwork compliance landscape. However, a large part of this struggle is driven by the fact that many organizations build their security strategies to “check the box” for compliance.

By identifying security controls required across many regulations, like a web application firewall (WAF), and building a security strategy around these solutions, organizations provide themselves with an excellent starting point for mapping their security strategy to the needs of specific regulations.

The Challenges of Regulatory Compliance

In recent years, the regulatory landscape has been expanding rapidly. Organizations are now required to comply with a variety of different regulations. Even for those in previously well-regulated fields, who are accustomed to achieving and maintaining compliance, navigating the new regulatory landscape is complex.

The rash of new regulations began with the EU’s General Data Protection Regulation (GDPR). The GDPR is designed to protect the personal data of EU citizens. It dramatically expanded the rights of EU citizens and requires that organizations or countries wishing to collect, process, or store the data of EU citizens have similar protections in place.

The example of the GDPR has inspired many states and countries to pass their own data protection regulations in recent years. However, while these new regulations are similar in intention, they differ dramatically in the details. As a result, organizations are struggling to comply with all of the regulations that apply to them.

Identifying Fundamental Compliance Requirements

Complying with the mess of current and upcoming regulations is difficult for many organizations. In fact, a group of 51 CEOs of the biggest US tech companies has sent an open letter to Congress requesting a federal data privacy regulation that would supersede the patchwork of state regulations, simplifying the US data protection landscape.

While this is a potential long-term solution to the problem of a fragmented regulatory compliance landscape, it doesn’t solve the problem in the short term. Achieving compliance in the short term requires a new mindset toward regulatory compliance.

Many organizations take a compliance-focused approach to security: security controls are deployed on their networks and endpoints for the sake of compliance rather than for the protection they provide.

This “check the box” approach to regulatory compliance is becoming increasingly unsustainable as a number of different regulations, all asking for subtly different policies, procedures, and security controls, come into effect.

A more scalable approach to regulatory compliance is identifying the security controls that are required or desired by each regulation and implementing them in an intentional fashion.

For example, most regulations require organizations to deploy a web application firewall to protect their web presence against common attacks. A WAF is explicitly required in PCI DSS Requirement 6.6 and implied in data protection regulations like the GDPR and the California Consumer Privacy Act (CCPA) that require protection of personal data since a quarter of data breaches are carried out by exploiting web application vulnerabilities.

WAFs are one of several different security controls that are required by many regulations, either explicitly or implicitly. Another example is a data security solution that can manage access to repositories of sensitive data, which is a must for compliance with regulations like PCI DSS, GDPR, and CCPA. By identifying these required solutions and building a security architecture around them, an organization has a great foundation for building out the specific security controls, policies, and procedures required by each regulation.

Going Beyond Compliance to Security

The compliance-focused approach to security that many organizations adopt makes it more difficult for them to actually achieve and maintain regulatory compliance. The number of regulations that organizations must comply with is growing rapidly, and many of them require subtly different things of affected organizations. A piecemeal approach to compliance means that an organization will be constantly cobbling together security controls and policies for the next audit.

By taking a step back from the minutiae of the regulations and looking at the big picture, organizations can dramatically improve their ability to achieve and maintain regulatory compliance.

Since many of these new regulations have the same overall goals, many of the same solutions can be applied to achieving compliance with all of them. By identifying common requirements between regulations and implementing them in an intelligent and intentional fashion, organizations can easily achieve compliance with a broad swath of regulatory requirements. After that, adding on additional controls or policies to meet certain regulatory compliance requirements is much less of a burden.

John Daniel
Android biggest Fan and a Tech Nerd
