How Best To View The Relationship Between Compliance And Security
By John Ross, VP of Strategic Alliances, Netwrix
John Ross, VP of Strategic Alliances at Netwrix, the IT security auditing company, explains why VARs and MSPs shouldn’t assume their customers are secure just because they’ve gone through the checklist of compliance requirements.
In light of the recent wave of data breaches affecting diverse companies, from the small two-person medical office to the giant enterprises that have been in the news lately, it has become clear that despite having passed all the compliance audits successfully, organizations are still exposed to the danger of security breaches. The more we look into the problem, the better we can understand that there is a growing gap between being secure and being compliant.
In the 2014 PCI Compliance Report, Verizon’s experts revealed that only 11 percent of organizations managed to meet all 12 PCI DSS requirements, and that the majority of companies treat these requirements as an annual scramble, falling out of compliance as soon as the audit passes. Meanwhile, according to the Netwrix 2014 SIEM Efficiency Report, 62 percent of organizations that are obliged to meet compliance standards still suffer from security breaches. This creates an opportunity for the VAR and MSP communities to provide services and programs that help ensure the security and stability of customers' systems and that take precedence over the minimal controls in the compliance checklists.