Blogger: Lacy Gruen, Director of Product Marketing, RES

October 11, 2016

Setting the Record Straight about Governance, Security & Compliance

Governance. Security. Compliance. What comes to your mind when you hear each of those three words? Lately, I have noticed a lot of people using these terms interchangeably. I don’t know if they actually believe that they mean the same thing, or if the terms simply blend together because they are all often interconnected as IT aims to mitigate risks and protect their organization.

Although they often go hand-in-hand, let’s break these concepts down.

The definition of governance is the “establishment of policies and continuous monitoring of their proper implementation, by the members of the governing body of an organization.” When you think about governance, you should think of self-imposed policies. These policies are usually managed and audited by an impartial group or leaders from within an organization. Strong governance is essential to maintaining accountability and communicating expectations (whatever they might be) to the entire organization.

Security is “the state of being protected or safe from harm.” In the business world, this means that an organization is free from, or is taking action to prevent, danger or threat. As one of the most straightforward of the three, very few people will disagree that having some type of security strategy in place is a must – no matter how small you are or if you don’t think you have anything of value to protect. The fact is that every organization with data or workers must be secured.

The constant challenge of compliance is defined as “the action or fact of complying with a wish or command.” We are not talking about self-imposed requirements (like in the case of governance) – instead, this is a set of rules or requests coming from outside the organization. Another important thing to note is that compliance often needs to be validated or proven to the third party that set forth the rules or requests. If compliance is not taken seriously, you can end up with a ruined reputation and find yourself facing hefty fines or maybe even criminal charges.

Here is the tricky part. In many cases, there are multiple intersection points across governance, security and compliance. For example, an organization may enforce security policies that protect from malicious attacks that could lead to data loss, resulting in a breach of compliance. Governance models may be put in place to give added confidence that security rules are being followed. Or governance activities can be tracked and used to demonstrate compliance. Lastly, organizations can get closer to achieving compliance by investing in security.

Often the dependencies on one another result in governance, security and compliance being seen as equally important, so it’s no wonder that the three terms get interchanged and jumbled together. Ultimately, an organization wants to be successful across all three areas.

You might be asking: how does an organization achieve all three?

Although we’ve established that governance, security and compliance aren’t the same thing, they can, and should, build upon each other to strengthen your organization. Security is often the foundation. A strong security strategy can help drive your governance model and support compliance initiatives. If you have the right tools and processes in place, you can quickly achieve your goals and ensure that productivity doesn’t fall by the wayside despite the critical need to secure and govern an organization’s environment and work toward compliance. That is where we can help!

With RES and GCA, you get a foundational digital workspace that gets you moving in the right direction with your existing initiatives and sets you up for future success. RES solutions have a unique, people-centric approach that combines identity management, access management and governance within its security solution. GCA has the expertise around the best practices for implementing these solutions and aligning with business processes for maximum impact. With these capabilities, enterprises easily achieve compliance around most data protection focused regulations such as HIPAA, PCI, GDPR and more.

We provide quick time to value – you can start realizing immediate impact to your organization:

  • Protect your data and workers against external and insider threats
  • Reduce risk and ensure compliance through increased insight and visibility
  • Balance worker security and productivity with automation and self-service

If you would like to learn more about how we can help you with governance, security and compliance, visit us at CSX 2016 North America Conference on October 17-19 in Las Vegas or contact your GCA sales representative at sales@gca.net.