With the threat landscape expanding in every direction, it's never been more necessary for companies to ensure that their proprietary data is protected from the growing army of saboteurs intent on stealing it. Alongside these concerns, however, is the added requirement that companies get in line with state and federal regulations and industry mandates. While many regard compliance as a headache, others recognize that ensuring an enterprise is ready for regulators can also strengthen its security posture. The tough part, many say, is getting the C-suite to see it that way.
Many organizations see compliance as an obligation, says Scott Crawford, managing research director of security and risk management at Enterprise Management Associates, a Boulder, Colo.-based firm that provides research, analysis and consulting services to IT professionals. “Regulators tend to see it largely as establishing the floor rather than a ceiling, since so many organizations tend to minimize their efforts, either out of ignorance or because they see security as burdensome or too costly without providing sufficient benefits in return.”