Security and Compliance—similar, but different

As GDT’s Vice President of Security Advisory Services—and having specialized in IT security for over 20 years—I often hear people confuse security with compliance. Yes, they’re different, but they overlap in many ways. Without a strong security posture, compliance will be difficult, if not impossible. The following will give you a better idea of their differences, even though both serve the same goal—keeping organizations, and the customers and partners they work with, as secure as possible.

In place vs. proof that it’s in place

Security relates more to something that is put in place to protect people or an asset, such as computer systems, offices, intellectual property, and company and client data. Compliance is a governing principle, regulatory adherence, or a best practice enforced by best-in-class organizations, government entities or SROs (standards and regulations organizations).

Security is about protecting computer and network systems, data traversing the Internet, passwords, encryption tools, or any other method of protecting organizational and client data. Security can also include cameras, security guards, even vigilant associates. Examples of compliance include the implementation of best practices, such as password resets required within a particular time period, and the securing and protection of clients’ personal information. A majority of business best practices originate from, among many others, the International Standards Organization (ISO), the National Institute of Standards and Technology (NIST), and the World Wide Web Consortium (W3C). Others include the GLBA (Gramm-Leach-Bliley Act), the CCPA (California Consumer Privacy Act), HIPAA (Health Insurance Portability and Accountability Act), PCI (Payment Card Industry Data Security Standard) and SOX (Sarbanes-Oxley Act).

The monitoring, measuring, and reporting of how policies and best practices are applied and enforced also fall within compliance. Security officers need to be able to confirm, with evidence, how they measure and monitor adherence to regulatory requirements. Measurements and data are also provided to auditing organizations to prove legal compliance, or to support and verify certification-related requirements.

It’s important to note, however, that auditing doesn’t solely confirm financial and security compliance health; it also gives customers and partners the peace of mind of knowing that the organization they’re working with is taking strong, reasonable measures to protect their assets and the services they utilize. It also gives clients and prospects the assurance that their data and information are safe from hackers and cyber threats.

Ensuring operational and implementation feasibility is key

While security is critical, of course, it can’t be so stringent that it can’t be properly implemented, or done in a way that makes managing it unreasonable, if not impossible. Finding the right balance between operational effectiveness and security is of paramount importance. It’s not easy, but it is necessary.

Organizations leverage auditors and information security associates to help find the right balance between keeping people, data and technology systems safe and allowing the business to grow and flourish.

Turning to security experts

It is important to make informed, well-calculated, carefully considered security decisions that will allow your organization to best serve customers, acquire new ones, and support its growth and profitability. Those decisions can’t infringe on your organization’s ability to remain agile and secure. It’s a delicate balance, but vital in the digital age. That’s exactly why some of the most noteworthy enterprises, service providers, government agencies and healthcare organizations in the world have turned to the security experts at GDT. We’re highly experienced at helping customers prepare for security audits and security certifications, and at implementing best practices to ensure their organization is safe from cyber threats.
