Automating Multiple Compliance Frameworks: Is It Too Complex?


Coalfire’s Adam Salerno discusses the process, effort and rewards of designing and implementing an automated compliance environment, as well as what organizations can do to automate security controls to meet specific compliance framework requirements.

Enterprises serving multiple highly regulated industries – and those overperformers wishing to demonstrate “above and beyond” security postures – can juggle 15 or more compliance frameworks. Many are dipping their toes in some level of security automation and others are diving right in, but few have taken the step of orchestrating automation throughout a coordinated compliance program. Perhaps this appears to be a complex undertaking, and in fairness, initially, it is. Each framework has a different set of environmental focuses, control parameters and requirements. Finding efficiencies therefore means taking the time up front to fully understand each framework and the enterprise infrastructure, and then architecting the optimal set of controls, automation approaches and tools to achieve the most efficient path forward. But is it worth the effort?

In many ways, enterprises must ask themselves, “Can we afford not to?” Compliance frameworks are not going away. On the contrary, recent trends show an increase as more global and state-level privacy regulations…
