7 Biggest IT Compliance Headaches and How CIOs Can Cure Them

As if IT departments didn’t have enough to worry about these days. They also have to ensure that the organization is in compliance with the various industry and federal regulations (PCI, Sarbanes-Oxley, HIPAA) designed to keep sensitive customer information safe. That is an increasingly difficult task in today’s decentralized, mobile, app-filled world, and enough to give a CIO or CTO a headache.


“Compliance is a hot issue in IT, and for good reason,” says Andrew Hodes, director of Technology at INetU, a cloud and managed hosting provider. “Failure to meet rules and guidelines set forth by compliance standards could result in fines, penalties and loss of trust.”


The Biggest IT Compliance Challenges

But keeping the organization in compliance with industry and federal rules can be tricky, especially with more companies allowing workers to use their own devices (BYOD). So what are some of the biggest challenges to staying compliant? Dozens of technology pros and compliance experts share their top seven answers.

1. Employees.

“Employees play a key role in protecting a company’s confidential information,” says Jim Garrett, chief information security officer at 3M. “Low-tech methods like snooping, social engineering or phishing are commonplace techniques used by hackers against employees to gain unauthorized access to corporate data,” he says.

“To overcome this challenge, it’s important to educate all employees on the different ways information can be obtained through seemingly low-tech methods and give them tools they can use, like protecting corporate information displayed on a laptop with a privacy filter while traveling, or how to recognize phishing attacks, to help mitigate any risk,” Garrett says.

“Having up-to-date security policies that are clear to employees outside of IT is critical,” adds Scott Peeler, managing director, Stroz Friedberg, which handles investigations, intelligence and risk management. “Information security policies should address the creation, copying, destruction and retention of information; when and how information can be removed or transferred from corporate servers/storage; remote, mobile, electronic and physical access to the corporate network; and security precautions to take while traveling.”


2. Laptops.

To minimize the potential theft of information from traveling workers, “provide travel laptops to employees… and implement specific information security policies to protect the network from cyber infiltration,” says Peeler. “Travel laptops fully capable of executing business functions but stripped of proprietary, confidential or secure information can mitigate the risk of infiltration.”


3. Mobile Devices.

Mobile devices also pose serious security and compliance risks. “Regulated data isn’t subject to a lower standard of protection just because it ends up on a mobile device,” says Ryan Kalember, chief product officer at WatchDox, a provider of secure mobile productivity and collaboration solutions.

Yet according to the late 2013 Ponemon Institute study on The Risk of Regulated Data on Mobile Devices, “most organizations [have] inadequate controls in place to protect regulated data on mobile devices… and most employees, at one time or another, have circumvented or disabled required security settings on their mobile devices.”

Therefore it is critical that “preventive measures should be taken to prevent unauthorized access to corporate data should a mobile device be lost or stolen,” says Ray Paganini, CEO, Cornerstone IT, which provides managed IT services and support.

“These measures should be taken whether the device is enterprise-issued or not,” he says. “However, it is best for security purposes to have a common mobile standard.” His advice:

  • Enable devices and provide IT departments with the tools to execute a remote wipe of confidential data.
  • Configure mobile devices so that only authorized applications can be downloaded and/or accessed on them.
  • Invest in mobile data and data file encryption and other endpoint security tools.
  • Prevent data storage and transmission to devices that lack adequate security clearance.”

4. Third-Party Apps (aka Shadow IT).

“The biggest compliance-related issue facing CIOs today is shadow IT, a challenge caused by the use of unsanctioned third-party solutions including devices and apps,” says Orlando Scott-Cowley, Messaging, Security & Compliance Evangelist, Mimecast, a provider of email management, compliance and archiving solutions.

“Corporate IT has become too complex and hard to use, so end users have started using their own third-party services to get their jobs done, such as large file sending services,” Scott-Cowley says. But often these apps or solutions are outside of the organization’s control, causing the IT department a compliance headache. “The best medicine to cure the headache? Educate end users; give CIOs the ability to regularly review services for suitability; and deploy modern enterprise cloud solutions to solve the underlying compliance problems.”


5. Cloud Services Providers.

To ensure that confidential information is being properly secured in the cloud, “choose a trusted service provider,” says George Japak, managing director, ICSA Labs, an independent division of Verizon, and Verizon’s HIPAA security officer.

“Cloud services offer significant benefits in [terms] of cost savings, scalability, flexibility, etc.” However, to ensure that your or your customer’s data is properly protected and in compliance with all relevant regulations, “the vendor/service provider should… meet the necessary regulatory requirements, whether the cloud is engineered to be HIPAA-ready or to comply with PCI or FISMA standards, respectively,” Japak says. Also check whether vendors can produce an SSAE 16 audit report. SSAE 16 is an attestation standard rather than a certification, so ask for the report itself (and read which controls it covers) instead of accepting a claim of being “SSAE 16 certified.”

6. PCI.

“Not only is it against card brand regulations if you’re not Payment Card Industry (PCI) compliant when accepting credit/debit cards, but it’s also an absolute must in today’s business climate of increasingly sophisticated payment card theft,” says Bertke, senior vice president of product management, Sage Payment Solutions. “PCI certification provides assurance that a processor has passed a robust set of best practices for securing information when credit card payments are made.”

“As IT professionals, we are regularly faced with the challenge of creating a secure cardholder data environment that can be proven compliant against multiple tests and PCI assessments,” explains Ray Paganini, CEO, Cornerstone IT. To protect sensitive customer information, “use [a] firewall to segment cardholder data from the rest of your corporate network,” he suggests. “Network segmentation limits the parts of your network that have contact with sensitive cardholder data and, when configured properly, can reduce risk and costs, and limit the scope of a PCI DSS audit.”
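The segmentation Paganini describes only reduces PCI scope if the boundary between the cardholder data environment (CDE) and the rest of the network is default-deny with a short, explicit allow-list. The nftables ruleset below is an added example, not from the article or from Cornerstone IT; the interface names, subnets, hosts and ports are assumed for illustration.

```nft
# Added example: segmentation firewall between the corporate LAN and a
# cardholder data environment (CDE). All addresses below are assumed.
#
#   eth0  10.10.0.0/16   corporate LAN
#   eth1  10.20.0.0/24   CDE
#   10.20.0.10           payment application server
#   10.20.0.20           card database
#   10.10.5.0/24         POS terminals (assumed)
#   10.10.9.5            administrative jump host (assumed)
#   10.10.0.53           internal DNS/NTP server (assumed)

flush ruleset

table inet cde {
    set pos_terminals {
        type ipv4_addr
        flags interval
        elements = { 10.10.5.0/24 }
    }

    set admin_hosts {
        type ipv4_addr
        elements = { 10.10.9.5 }
    }

    chain forward {
        # "policy drop" is what makes this a segmentation boundary rather than
        # a VLAN with a router in the middle: anything not listed is denied.
        type filter hook forward priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop

        # POS terminals reach the payment application over TLS only.
        iifname "eth0" oifname "eth1" ip saddr @pos_terminals \
            ip daddr 10.20.0.10 tcp dport 443 accept

        # Administration only from the jump host, only over SSH.
        iifname "eth0" oifname "eth1" ip saddr @admin_hosts \
            ip daddr { 10.20.0.10, 10.20.0.20 } tcp dport 22 accept

        # CDE hosts may initiate nothing toward the LAN except DNS and NTP
        # to the internal server.
        iifname "eth1" oifname "eth0" ip daddr 10.10.0.53 \
            udp dport { 53, 123 } accept

        # Log everything else (rate-limited) so denied traffic is visible
        # in the audit trail, then drop it.
        limit rate 10/second log prefix "cde-deny: "
        drop
    }
}
```

Syntax-check the file with `nft -c -f cde.nft` before loading it with `nft -f cde.nft`. The weak configuration this guards against is a forward chain with `policy accept`, or a single rule accepting all traffic from the LAN into the CDE; with either, every host that can reach the CDE is in PCI scope and the segmentation buys nothing. Note that traffic between hosts inside the CDE (application server to database) never crosses this firewall, so it needs its own control, such as host firewalls or a further segment.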

7. HIPAA.

“Compliance mandates such as HIPAA [the Health Insurance Portability and Accountability Act] and HITECH [the Health Information Technology for Economic and Clinical Health Act] require all data to be digitized [and meet specific security and privacy standards],” says Brian Christian, the CTO of Zettaset, a big data management company. “However, as more patient data is captured and data volumes skyrocket, increased complexity will require more sophisticated data management approaches.”
