GDT Webinar Series – How to Fail at Security? Reserve Your Spot

Security and Compliance—similar, but different

Security and Compliance

As GDT’s Vice President of Security Advisory Services—and having specialized in IT security for over 20 years—it’s common to hear people confused with security and compliance. Yes, they’re different, but they do overlap in many ways. Without a strong security posture, compliance will be difficult, if not impossible. The following will give you a better idea of their differences, even though both serve the same goal—keeping organizations and the customers and partners they work with as secure as possible.

In place vs. proof that it’s in place

Security relates more to something that needs to be put in place to protect associates or a commodity, such as computer systems, offices, intellectual property, and company and client data. Compliance is a governing principle, regulatory adherence, or a best practice enforced by best-in-class organizations, government entities or SROs (standards and regulations organizations). 

Security is about protecting computer and network systems, data traversing the Internet, passwords, encryption tools, or any other method of protecting organizational and client data. Security can also include cameras, security guards, even vigilant associates. Examples of compliance include the implementation of best practices, such as password resets required within a particular time period, and the securing and protection of clients’ personal information.  A majority of business best practices originate from, among many others, the International Standards Organization (ISO), the National Institute of Standards and Technology (NIST), and the World Wide Web Consortium (W3C). Others include the GLBA (Gramm-Leach-Bliley Act), the CCPA (California Consumer Privacy Act), HIPAA (Health Insurance Portability and Accountability Act), PCI (Payment Card Industry Data Security Standard) and SOX(Sarbanes-Oxley Act).

The monitoring, measuring, and reporting of how policies and best practices are applied and enforced also falls within compliance. Security officers need to be able to confirm, with evidence, how they measure and monitor the ability to adhere to regulatory requirements. Measurements and data are also provided to auditing organizations to prove legal compliance, or to support and verify certification-related requirements.

It’s important to note, however, that auditing doesn’t solely confirm financial and security compliance health; it also provides customers and partners with the peace of mind in knowing that the organization it’s working with is taking strong, reasonable measures to protect their assets and the services they utilize. It also provides clients and prospects with the assurance in knowing that their data and information is safe from hackers and cyber threats.

Ensuring operational and implementation feasibility is key 

While security is critical, of course, it can’t be stringent to the point that it can’t be properly implemented, or done in a way that makes security management unreasonable, if even possible. Finding the right balance between operational effectiveness and security is of paramount importance. It’s not easy, but necessary. 

Organizations leverage auditors and information security associates to help find the right balance between keeping people, data and technology systems safe, while allowing the business to grow and flourish.

Turning to security experts

It is important to make informed, well-calculated, carefully-considered security decisions that will allow your organization to best serve customers, acquire new ones, and support its growth and profitability. Those decisions can’t infringe on your organization’s ability to remain agile and secure. It’s a delicate balance, but vital in the digital age. That’s exactly why some of the most noteworthy enterprises, service providers, government agencies and healthcare organizations in the world have turned to the security experts at GDT. We’re highly experienced at helping customers prepare for security audits and security certifications, and implementing best practices to ensure their organization is safe from cyber threats.


Share this article

You might also like:

AI and Data Security

The advent of artificial intelligence (AI) brings transformative potential across industries while also introducing significant data security challenges. As AI systems become integral to operational and decision-making processes, safeguarding sensitive information against sophisticated threats is paramount. This exploration sheds light on the complexities of AI and data security and proposes

Transport layer security (TLS)

Transport layer security (TLS) is one of the most common tools for keeping users safe on the internet. When automated, TLS certification management can help organizations ensure more reliable and consistent use of TLS, reducing the need for human intervention and risk of human error. In fact, over the years,


As the head of GDT’s security practice and an industry veteran, Jeanne Malone and her team help customers worldwide advance their cybersecurity posture. One of the biggest cybersecurity game-changers is artificial intelligence (AI). We asked Jeanne to weigh in on leveraging AI and machine learning in cybersecurity to improve intrusion