Emerging Technology is Making Compliance Even More of a Challenge

One of the biggest cybersecurity challenges that organizations face is one that has been dogging them for decades – compliance. What is interesting about the impact of technology is that it makes compliance harder for two fundamentally different reasons.

The Same Problem Exists, but is More Complex

Technology is a double-edged sword when it comes to cybersecurity. For example, we have all benefited from the enhancement and adoption of cloud services, especially given the impact of the pandemic. Many of us had our daily work routine turned upside down, which in turn accelerated the adoption of cloud services and work-from-anywhere solutions. However, what we have seen from an organizational perspective is that the expanded use of the cloud has resulted, for many enterprises, in a degraded awareness of what services and assets are actively in use and, by extension, of what needs security controls and services.

Think about it – one of the core tenets of every security framework and compliance standard is that one has an accurate understanding of what is in an organization’s environment. Ten to fifteen years ago, this definition of environment was largely restricted to what was behind a corporate firewall. Nowadays, that delineation is all but non-existent. For those with an ITSM (IT Service Management) solution in place, is it functioning as your enterprise ITAM (IT Asset Management)? If so, are you ingesting not only the virtual workstations, servers and containers in your multiple cloud environments but also information about the cloud accounts, subscriptions and providers themselves? What about all the 3rd- and 4th-party cloud vendors needed for your enterprise services? Chances are pretty good that once you go beyond your internal network, your awareness of what’s in play gets a bit fuzzier.
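One concrete way to answer the questions above is to reconcile what each cloud provider reports as live against what the ITAM actually tracks. The following is an added example, not code from the original article: it assumes you have already exported a list of assets from each provider's inventory API and a list from the ITAM/CMDB, and it reports live assets the ITAM has never heard of, ITAM entries that no longer exist, and entire cloud accounts or projects with no ITAM record at all. The `Asset` record, the `reconcile` function and both sample exports are constructed for this illustration.

```python
"""Reconcile cloud-provider asset exports against an enterprise ITAM/CMDB.

Added example (not from the original article). Both inputs below are
constructed sample data so the script runs offline; in practice they would
come from each provider's inventory API and from the ITAM export.
"""
from dataclasses import dataclass
from typing import Iterable, Tuple


@dataclass(frozen=True)
class Asset:
    provider: str      # "aws", "azure", "gcp", "on-prem"
    account: str       # cloud account / subscription / project id
    kind: str          # "vm", "container", "managed-service"
    asset_id: str      # provider-native identifier
    owner: str = ""    # owning team tag, empty when the resource is untagged


def asset_key(a: Asset) -> Tuple[str, str, str]:
    """Normalise identifiers so the same resource exported by two systems
    compares equal regardless of case or stray whitespace."""
    return (a.provider.strip().lower(), a.account.strip().lower(), a.asset_id.strip().lower())


def reconcile(cloud: Iterable[Asset], itam: Iterable[Asset]) -> dict:
    """Compare live cloud assets against the ITAM and return the gaps."""
    cloud_by_key = {asset_key(a): a for a in cloud}
    itam_by_key = {asset_key(a): a for a in itam}

    # Live in the cloud but absent from the ITAM: no controls can be assigned.
    unknown = [a for k, a in cloud_by_key.items() if k not in itam_by_key]
    # Tracked in the ITAM but no longer live: controls reported against nothing.
    stale = [a for k, a in itam_by_key.items() if k not in cloud_by_key]
    # Unknown assets with no owner tag are the hardest to chase down.
    unowned_unknown = [a for a in unknown if not a.owner]

    # Whole accounts/subscriptions/projects the ITAM has never seen.
    cloud_accounts = {k[:2] for k in cloud_by_key}
    itam_accounts = {k[:2] for k in itam_by_key}
    unregistered_accounts = sorted(cloud_accounts - itam_accounts)

    known = len(cloud_by_key) - len(unknown)
    coverage_pct = round(100.0 * known / len(cloud_by_key), 1) if cloud_by_key else 0.0

    return {
        "unknown": unknown,
        "stale": stale,
        "unowned_unknown": unowned_unknown,
        "unregistered_accounts": unregistered_accounts,
        "coverage_pct": coverage_pct,
    }


# Constructed sample data standing in for provider inventory exports.
SAMPLE_CLOUD_EXPORT = [
    Asset("aws", "111111111111", "vm", "i-0abc123", "payments"),
    Asset("aws", "111111111111", "container",
          "arn:aws:ecs:us-east-1:111111111111:task/web/0123456789abcdef"),
    Asset("azure", "sub-7f3e", "vm", "vm-web-01", "web"),
    Asset("gcp", "proj-analytics-dev", "vm", "analytics-db-1"),
]

# Constructed sample data standing in for the ITAM/CMDB export.
SAMPLE_ITAM_EXPORT = [
    Asset("AWS", "111111111111", "vm", "I-0ABC123", "payments"),   # same VM, different case
    Asset("aws", "111111111111", "vm", "i-0deadbeef", "payments"), # decommissioned months ago
    Asset("azure", "sub-7f3e", "vm", "vm-web-01", "web"),
]


if __name__ == "__main__":
    report = reconcile(SAMPLE_CLOUD_EXPORT, SAMPLE_ITAM_EXPORT)
    print(f"ITAM coverage of live cloud assets: {report['coverage_pct']}%")
    for label in ("unknown", "stale", "unowned_unknown"):
        for a in report[label]:
            print(f"{label:16s} {a.provider}/{a.account} {a.kind} {a.asset_id}")
    for provider, account in report["unregistered_accounts"]:
        print(f"unregistered     {provider}/{account} has no ITAM record at all")
```

The coverage figure is the number auditors will ask for; the `unregistered_accounts` list is the one that usually surprises people, because an entire project or subscription created outside procurement never shows up as a single missing server, it shows up as a blind spot.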

This awareness is the cornerstone of many compliance requirements; examples include, but are not limited to, the Center for Internet Security (CIS) Controls, NIST, GDPR and so on. Even if there is a compliance standard out there that does not explicitly call out the need for an accurate ITAM (I am unaware of one, but it is possible), every cybersecurity compliance requirement puts parameters in place that require an understanding of the assets in an environment. How can one be expected to implement effective data security controls without knowing what assets exist in the first place to apply said controls to? Knowing what one has is the foundation of any compliance standard.

Even if SOX, HIPAA, CJIS or some other compliance requirement isn’t your priority, getting your arms around cloud services and assets is just good cyber hygiene and fundamental to any security program. How can you effectively assess cyber risk at an enterprise level if you don’t know what is in the enterprise? Anything you do or suggest is built upon, at best, an incomplete picture of reality or, worse, one that is completely wrong.

New Technology Equals New Compliance Challenges

While it is reasonable to posit that the majority of the challenges around cybersecurity compliance are the same as, say, ten years ago, there are new concerns and challenges as a result of newer technology. A good example of this is IoT.

Technically, IoT technology has been around for decades, in particular in SCADA and other industrial applications. However, it wasn’t until the last decade that we saw an explosion of adoption in the enterprise, and especially in the consumer market. The biggest issue with respect to IoT is that this technology has been, and continues to be, compromised by multiple cyber threats. Many of the DDoS attacks that organizations experience are launched from tens or hundreds of thousands of compromised IoT devices, which are in turn used to DDoS enterprises of all sizes.

This has not gone unnoticed by the federal government. On May 12, 2021, the White House issued Executive Order 14028 (“Improving the Nation’s Cybersecurity”) which, among other things, puts forth requirements around IoT devices and deployments. While this executive order only directly binds federal agencies, it demonstrates that as new technology emerges, compliance will eventually follow behind. The EU introduced a cybersecurity standard for consumer IoT products, ETSI EN 303 645, in June 2020. Its thirteen provisions include the requirement that there be no universal default passwords.

New compliance requirements aren’t enacted at just the national and industry level. SB-327 in California, which went into effect on January 1st, 2020, specifically calls out the IoT market. Any manufacturer of a device that is directly or indirectly connected to the internet must equip it with ‘reasonable’ security features to prevent unauthorized access, modification, or data exposure. For devices that accept logins from outside a local network, the law treats a unique preprogrammed password per device, or forcing the user to set a new password at first use, as meeting that bar.

What Does This Mean for the Future of Cybersecurity Compliance?

The good news is that the purpose behind cyber compliance will remain the same – to establish guidelines and prerequisites for people and organizations to follow so that whatever the compliance requirement is focused upon is protected. Protection here extends to the confidentiality, integrity, and availability of data.

Compliance standards will evolve and change over time – some will be deprecated, and some created in response to the ebb and flow of old and new technology. What we need to remember is that compliance doesn’t necessarily equal effective cyber security, but it very frequently sets us on a path that leads there.

 
