Annual compliance audits don't cut it

Muggie van Staden, CEO at Obsidian Systems.

In today’s work-from-home era, security needs to function as a business enabler and be an integral component of every business’s daily processes. At the same time, keeping up with compliance standards plays a critical role in making sure any organisation is secure.

However, one great mistake that many businesses make is thinking that if they are compliant today, they will remain compliant forever. Regulations, infrastructure and standards change constantly and, more often than not, without end users being aware of the changes.

This means that compliance requires vigilance and review. With the fast pace of technology adoption, with the likes of containers and cloud, one cannot wait for annual compliance audits, says Muggie van Staden, CEO at Obsidian Systems.

“Today, systems are rapidly deployed and destroyed, as they should be,” he adds. “The challenge is that in many cases those systems are not checked for compliance.”


A specific service will run for a few days and then be removed, but that service still needs to be compliant. “The only way to achieve this is for constant compliance testing, and even constant compliance automation.”


Speaking of the steps to take to implement continuous compliance, van Staden says it is critical for business, compliance, risk and security to define the key compliance metrics applicable to each environment.

“From there, it is possible to put the necessary systems in place to check against those metrics on a continuous basis. Business needs to also realise and enable IT, risk and compliance within the organisation to deploy the necessary technology to do this,” he explains.

Finally, van Staden says an annual report will just not cut it in today’s environment.

“The CIO has the responsibility, and should have the ability to, at any given time in a day, check a dashboard that shows how many systems are non-compliant within the organisation.”
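The three steps van Staden outlines (define the key metrics for each environment, check every system against them continuously, and surface a count of non-compliant systems on a dashboard) can be expressed as controls-as-code. The following Python sketch is an added example written for this page; it is not code from the article, Obsidian Systems or Chef. The control names, the inventory and every fact value are constructed, and the short-lived `batch-job-7` container that reports only some of its facts stands in for the services that "run for a few days and then are removed". A missing fact is treated as a failure rather than as unknown, so a system that was never checked cannot show up as compliant.

```python
"""Constructed continuous-compliance check: controls-as-code evaluated
against a system inventory, with a dashboard-style summary."""
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, List, Set


@dataclass
class System:
    name: str
    environment: str
    facts: dict          # facts reported by the system (constructed here)


@dataclass
class Control:
    control_id: str
    description: str
    environments: Set[str]              # environments the control applies to
    check: Callable[[dict], bool]       # returns True when the system passes


# Step 1: the key metrics per environment, expressed as controls.
# Each check fails closed: an absent fact never counts as a pass.
CONTROLS: List[Control] = [
    Control("TLS-01", "TLS 1.2 or newer only", {"prod", "staging"},
            lambda f: f.get("tls_min_version") in ("1.2", "1.3")),
    Control("SSH-01", "SSH password authentication disabled",
            {"prod", "staging", "dev"},
            lambda f: f.get("ssh_password_auth") is False),
    Control("PATCH-01", "Patched within the last 30 days", {"prod"},
            lambda f: f.get("patch_age_days", 10**9) <= 30),
    Control("LOG-01", "Audit logging enabled", {"prod", "staging"},
            lambda f: f.get("audit_logging") is True),
]

# Constructed sample inventory, as an agent or inventory API might report it.
INVENTORY: List[System] = [
    System("web-01", "prod", {"tls_min_version": "1.2", "ssh_password_auth": False,
                              "patch_age_days": 5, "audit_logging": True}),
    System("web-02", "prod", {"tls_min_version": "1.0", "ssh_password_auth": False,
                              "patch_age_days": 45, "audit_logging": True}),
    # Short-lived container: only partially reported before it was torn down.
    System("batch-job-7", "prod", {"tls_min_version": "1.3", "ssh_password_auth": False}),
    System("dev-box-3", "dev", {"tls_min_version": "1.0", "ssh_password_auth": True}),
    System("staging-api", "staging", {"tls_min_version": "1.3", "ssh_password_auth": False,
                                      "audit_logging": True}),
]


def evaluate(inventory: List[System], controls: List[Control]) -> Dict[str, List[str]]:
    """Step 2: run every applicable control against every system.
    Returns {system name: [ids of failed controls]}; an empty list means compliant."""
    results: Dict[str, List[str]] = {}
    for system in inventory:
        failed = [c.control_id for c in controls
                  if system.environment in c.environments and not c.check(system.facts)]
        results[system.name] = failed
    return results


def dashboard(results: Dict[str, List[str]]) -> dict:
    """Step 3: the numbers a CIO dashboard would show at any moment of the day."""
    non_compliant = {name: failed for name, failed in results.items() if failed}
    return {
        "total": len(results),
        "non_compliant": len(non_compliant),
        "non_compliant_systems": sorted(non_compliant),
        "failures_by_control": Counter(cid for failed in non_compliant.values() for cid in failed),
    }


if __name__ == "__main__":
    summary = dashboard(evaluate(INVENTORY, CONTROLS))
    print(f"{summary['non_compliant']} of {summary['total']} systems non-compliant: "
          f"{', '.join(summary['non_compliant_systems'])}")
    for control_id, count in summary["failures_by_control"].most_common():
        print(f"  {control_id}: {count} system(s) failing")
```

Scheduling `evaluate` on every deployment event and on a short timer, and writing the `dashboard` output to wherever the organisation's dashboards read from, is what turns the annual audit into the continuous check the article calls for; the controls themselves live in version control alongside the infrastructure they describe.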

Karl Fischer, automation lead at Obsidian, and Simon Fisher, director of EMEA presales and customer success, at Chef Software, will be presenting on ‘How to implement continuous compliance and audit processes in order to effectively mitigate risks in a fast paced digital era’, at ITWeb Governance, Risk & Compliance, to be held as a virtual event on 11 February.