
Regulatory Minefield



Treat security and privacy as a competitive advantage, not a burden.

Companies face a virtual alphabet soup of regulations, especially those designed to safeguard Personally Identifiable Information (PII) and Sensitive Personal Information (SPI). The penalties for non-compliance can be extraordinary, but we urge clients to revere data. Your customers want to deal with secure providers that treat their data with care and respect. Security and privacy can be a competitive advantage, not just a burden. 

EU GDPR

Dodd-Frank

CARD Act

Bank Secrecy Act

PCI DSS

FINRA

USA Patriot Act

SOC

HIPAA

HITECH

GLBA

 


Sarbanes-Oxley



IT departments have long followed frameworks provided by NIST, SANS and ISO. Boards and CFOs, at least at public companies, are now mindful of the COSO framework to assess internal controls – a cornerstone of Sarbanes-Oxley – that was changed in 2013 to put an emphasis on technology controls. CFOs, controllers, internal and external auditors, risk managers, and even a Board's audit committee members are now obliged to ensure that companies achieve a substantially higher standard of housekeeping when it comes to the management of technology. For example, when an organization gets hit with a security breach, what does that say about the controls they had over data, arguably their most important asset? Considering the liabilities CEOs and CFOs face each time they sign their Section 404/302 certifications, the stakes for compliance have never been higher.


Transformation of IT



There are several powerful, transformative IT trends that require companies to think differently about the way they procure and manage technology.  We can show you how you can immediately gain the visibility and control you need to deal with these, and other fundamental shifts in the way companies operate today.

  • Workloads moving from on-premises data centers to cloud-hosted infrastructure
  • Shift from use of licensed software to SaaS applications
  • Increasing use of mobile devices, including those owned by employees, and sensors 
  • Consumerization of IT, resulting in higher employee expectations for the quality and speed of access to technology used in the enterprise
  • Incidence rate and severity of security breaches are increasing, while most security software and even next generation firewalls overlook cloud-based activity.

Perils Beyond



More of your data resides in the cloud and with terrestrial vendors than you even realize.

Corporate life is especially perilous outside the data center firewall.  The cloud exposes companies to substantially greater risks of malware intrusion, malicious leakage of data, theft of user credentials, and account hijacking, among others.  Traditional security software, and even next generation firewalls, cannot provide the kind of protection you need in an environment laden with both sanctioned and unsanctioned cloud-based services.  Mobile devices represent an exceptionally porous membrane that must be monitored programmatically as they amplify the cloud-based threats.  Let us show you how to get the visibility and the control you need to overcome cloud-induced vulnerabilities.

Cloud-based services introduce subtle risks as well.  Has someone in your company ensured that you retain control of your data once it resides on a cloud host?  What happens when third parties, including government agencies, subpoena your cloud service provider, demanding access to your data?  When an employee accesses an app without seeking any approval, which is typical shadow IT behavior, the terms and conditions of that relationship may get no consideration at all.  We can show you how to best encrypt data at rest, in use, and in transit, while keeping control of the keys and your data's security.

Of course, terrestrial vendors represent risk too. More than half of all reported breaches are attributable to weak third parties, so companies need to get organized. See our Vendor Risk tab to learn more.