Maintaining control in a regulatory minefield

With regulations consistently being introduced and updated across numerous industries, companies can find themselves struggling to keep up, despite an obligation to ensure compliance.

It’s an ever-turning wheel that can leave IT teams and regulatory professionals rushing to implement quick fixes to avoid falling foul of new rules, with this strategy then creating its own issues.

In regulated industries, mandatory audits mean that many companies need to prove that customer data and services remain private and secured by the best possible solutions. While keeping pace with regulatory changes can also lead to cost savings as an added benefit, the simple need to remain compliant should be the driver for adopting supporting technologies, particularly as regulations become tighter and potential fines become more significant.

The world of compliance

Depending on the organisation’s operations, there is a range of regulations that may apply. The SOX Act, for example, was devised to protect both shareholders and the general public from any fraudulent practices or accounting errors. In both a financial and IT sense, all public companies in the US, and non-US companies with a presence in the country, must now comply with the regulation or otherwise face fines of up to $5 million.

PCI DSS is a regulation that applies to any merchant accepting credit cards for payment, with security vital to ensure consumer trust when sharing sensitive card details. In the banking landscape, regulations such as Basel II provide recommendations on banking laws and regulations issued by the Basel Committee on Banking Supervision.

In the worst-case scenario, organisations could find themselves out of business if a regulation isn’t ultimately met. The key to enabling compliance is carefully controlling change, which includes tracking any deviations through development, validation via engineering and then testing any new integration. The biggest issue with ensuring compliance, however, is the overhead required to both test systems and ensure that the results are recorded in a meaningful way, but the correct technology integration can remove this challenge.

Visibility of change

To take control over regulatory compliance, businesses first need to be able to track device configuration across the entire IT infrastructure. With the right technology in place from a specialist vendor, the current configuration can be ascertained first, followed by visibility of how a device may have changed over time. This is vital data for understanding where a fix needs to be applied to ensure that regulatory standards are met.

Based on their interpretation of standards, organisations then have the ability to apply the appropriate controls that suit their operations. This could, for example, be a particular setting that means only certain users have permission to access customer data, or a firewall that should only allow a certain type of information through. A monitoring tool can then be used to continually check and identify any change that deviates from those controls, ensuring that any potential future issue can be picked up before it becomes a problem.

With a solution that provides oversight and control over a wide set of different devices, IT professionals can win time back in their day due to the eradication of manual processes. These processes could, for example, include server provisioning, a desktop or laptop system, network devices, storage and potentially even a different solution for each of their applications. By adopting a strategy where a heterogeneous monitoring tool is used, everything is in one place and any non-compliant devices won’t slip through the net, reducing the chance of configuration drift.

Omnipresence in the IT suite

Before the widespread proliferation of IoT devices, IT professionals were better able to keep control of regulatory developments by monitoring one device at a time. Now, it isn’t such a simple process, particularly as regulations evolve. Moving forward, the number of devices will only expand, creating new challenges for IT professionals.

No matter how much the modern-day environment requires it, professionals in the business simply can’t be in two places at once. However, with supporting technology, they can benefit from omnipresence in the IT suite, which provides a level of oversight that wasn’t previously obtainable. With a monitoring tool at hand, industry professionals can keep control over a range of different technologies and their level of compliance, easing the strain on their working day and ensuring efficient processes.


About the Author

Mat Clothier is CEO and Founder at Cloudhouse. He leads the company, ensuring that enterprises can give all their applications a future without having to needlessly re-engineer when moving existing Windows-based applications to the Cloud or Windows 10.

Previously, Mat was Chief Technology Officer for Cloudhouse, with a demonstrated history of working in the information technology and services industry. He is skilled in App Virtualization, Microsoft Technologies, Managed Services, Enterprise Software, and PaaS. Mat is a strong entrepreneurship professional with a Bachelor of Science (BSc) focused in Computer Systems Networking and Telecommunications from University of Plymouth.