
May 20, 2021

Continuous Security and Assurance from Design Idea to Production

Fouad Khalil, Senior Director, Enterprise Security, Risk and Compliance


Security must be part of everything that we do. Whether we are moving into a new facility, bringing on new talent, designing new solutions, deploying software and hardware, publishing to the cloud or managing customer installations, security is simply part of it all.

Organizations across all levels and industries continue to struggle with ensuring security as part of business-as-usual activities. Whether you deploy on premises, off premises, offshore or in the cloud, you face varying risks that require compliance mitigation and the implementation of security controls.

The everyday question is “how do I keep up?” or better yet, “how do I sleep better at night?”

As a security and compliance practitioner of many years with a background as a change agent, I strongly believe that the risks we face can only be managed with continuous monitoring, continuous compliance, continuous security and continuous assurance.

Of late, organizations across the globe are adopting a cloud IT strategy on top of their on-premises deployments. Many factors come into play as we evaluate the potential impacts of:

  • The BYOD strategy (even pre-pandemic days)
  • Rapid expansion and use of IoT devices
  • Emerging AI
  • The security of my cloud infrastructure
  • Regulatory impacts, and last but not least,
  • Privacy laws and legislation that are now business as usual.

Risk identification, ownership, remediation and prevention are everyone’s responsibility. Establishing an essential and complete foundation for your security, compliance and privacy program is the path to continuous oversight.

Controls are implemented within a company's perimeter and enforced with vendors, partners and 3rd (4th, ... Nth) party service providers. Controls implemented based on the risk to “protected data” have the potential for success. This is only possible when a workflow-based, complete and up-to-date inventory of all data is made available (and refreshed at least annually).

The establishment of effective controls over protected data across its entire lifecycle is the basis for achieving continuous compliance. Merging that with the ability to continuously monitor and continuously audit these controls establishes the foundation for continuous assurance. You then have what is referred to as “out-of-the-box” compliance, independent of where your production environment is housed.

Rest assured that when all is said and done, and you can proudly attest that you have a mature security and compliance program that is continuous and part of everything you do, that good night’s sleep might happen after all!

Allow me to wrap up my thoughts here by sharing my recent article titled “The landscape from above: Continuous cloud monitoring for continuous assurance”, published in the 2020-2021 Henry Stewart Publications Cyber Security: A Peer-Reviewed Journal, Rev 4. The article goes into great detail on how to establish true continuous assurance in the cloud.

About the Author

As Senior Director, Compliance at Locus Robotics, Fouad is responsible for internal and external compliance programs, auditor education, alignment with industry best practices and cross-functional support. He brings extensive experience in the technology space with more than 25 years spanning disciplines in software development, IT support, program and project management and, most recently, IT Security and Compliance management. Khalil’s career path in technology has provided him with keen insights in the areas of network, system and database administration, software programming, system, software and GUI design, project and product development, solution implementation and much more. For nearly the past two decades, Khalil has focused on data security, security investigations, cybersecurity, security training and awareness, and security compliance, serving as an industry expert in key areas such as IT, NIST, Internal Controls over Financial Reporting, Sarbanes-Oxley, GDPR, CCPA, PCI DSS, HIPAA and HITECH. Khalil holds a Bachelor’s degree in Electrical and Computer Engineering from Marquette University and CISA, CDPSE and ITIL Foundations certifications. Additionally, he is an active member and contributor in ISACA, IIA and InfraGard.
