Who really owns compliance?

Ennio Carboni, Ipswitch
Ennio Carboni, Ipswitch

In today's highly connected and digitized world our growing reliance on the Internet to house everything from patient medical records to credit card payment data has demanded the secure management of networks and file transfer processes.

However, in the midst of ever changing compliance requirements, an organization's ability to move sensitive data while meeting security standards has become an increasingly complex and frustrating process. When it comes down to the bare bones of exactly who is responsible for managing and enforcing these compliance and security requirements there is a detrimental miscommunication over ownership.

A recent survey on compliance from Osterman Research and Ipswitch revealed that 40% of chief information security officers (CISOs) leave compliance management up to IT and 54% of IT professionals believe business managers don't take an active enough role in enforcing compliance policies.

Major concerns

Ensuring an organization understands and maintains compliance is a heavy burden with many moving pieces, and is one that cannot be achieved by the IT department alone. In the same survey, 34% of IT professionals admitted they are concerned that security managers don't understand how difficult compliance management really is.

So how exactly can IT better synchronize with other divisions to maintain more control over the security and compliance needs of their organization?

Whether it's a case of ownership, increased communication with business lines or policy enforcement, it's clear that IT's ability to manage compliance could be enhanced through better coordination with line-of-business (LoB) functions.

What IT wants

While IT is charged with keeping business processes smooth and secure, they have little control over file movements across an organization. According to the Ipswitch survey results, the majority of IT professionals would like to work more closely with LoB functions to meet compliance requirements and industry regulations: 35% of IT professionals would like to work a bit more closely with LoB functions, while 28% would like to work much more closely together.

Additionally, managers must always encourage and enforce uniformity in technical safeguards, including access controls, encrypted communication, event logging and written records of detailed files.

In order to streamline this process, IT should consider a cloud-based solution to help improve management and insight into operations across the organization. Automated managed file transfer (MFT) solutions provide transparency over the movement of files and help strengthen IT processes through scalability, reliability, failover, and disaster recovery.

The role compliance plays in IT can vary greatly based on the organization, yet every enterprise could benefit from greater efficiency in their compliance initiatives. Like cogs in a well-oiled machine, a multi-pronged approach to compliance is the only means to ensure total coverage, security and peace of mind. If ownership cannot be jointly shared, organizations will certainly be setting themselves up for audit failure, fines and potentially damaging breaches.

  • Ennio Carboni is EVP of Customer Solutions at Ipswitch