KnowBe4 Security Awareness Training Blog

Do you recognize yourself in The Compliance Curve?

Posted by Stu Sjouwerman on Mar 7, 2014 3:57:00 PM

The Compliance Curve

Have a look at the curve here. Do you recognize yourself? It's the cycle that many IT pros told us they go through on a regular basis, much like Groundhog Day.

They tell us that regular audits take up too much of their time, they are stuck in "Excel hell" trying to manage compliance, and that there is a lot of duplicate effort going on. 

Regulatory compliance is mandatory, but the time, cost, and complexity associated with becoming compliant and staying compliant have increased and will continue to increase. Most organizations still track compliance using spreadsheets, word processors, or home-grown software they have to maintain themselves.

Is Compliance The Enemy Of Security?

Let's take PCI compliance as an example. You're forced to do a bunch of things that are deemed to keep the network secure and protect cardholder data. So once a year you clear this hurdle and get compliant, but soon afterward another 20 fires need to be put out and compliance goes out the window until next year. The standard itself expects those controls to be in place continuously; the annual assessment is only a snapshot, so a network that is compliant on audit day and neglected for the rest of the year is not actually protecting the card data in between.

What we have to do vs. what we should do

The problem is that these days, you are a few hacks away from disaster. Just look at the recent Target data breach. It can happen to any of us if we do not have the right focus. You might be spending too much time getting compliant and not enough time getting your network actually secure. Compliance starts at the bottom of the pyramid. These are the things you simply have to do, or you lose the right to take credit cards.

Next up is what is called your "legally defensible" level of security. The law expects you to take reasonable security measures, similar to what other companies in your space do. Spending too much time at the bottom of the pyramid is going to cause trouble and could result in high legal fees. You should spend the minimum amount of time at the bottom, the majority of your time in the middle, and at least some time at the top, where security actually moves the needle on the bottom line.

We all know that compliance is mainly a matter of "people and processes," and that tools come second. But what if you could deploy a tool that automates the people-and-process side? That puts "what you must do" under control and lets you move "up the pyramid." Until now, such tools have only been affordable for the Fortune 500, but KnowBe4 has developed the KnowBe4 Compliance Manager (KCM) as Software as a Service.

KCM consolidates your audit management and regulatory compliance tasks into simple automated workflows that prevent overlap and eliminate gaps. "By admins, for admins," whether you are responsible for PCI at a 100-user site or an MSP managing dozens of companies and thousands of seats. Find out if KCM is a good fit for your environment and request your web demo here.


Tags: PCI Compliance, Compliance, data breach, HIPAA
