In our 2020 Trends blog, Imperva CTO Kunal Anand predicts that fully automated processes will make compliance more rapid and less expensive. As businesses incorporate security into software development lifecycles (SDLC), continuous integration-continuous deployment (CICD) processes will reduce risk and make security more cost effective and scalable.
More and more businesses are switching to software applications with shorter development lifecycles. Making compliance part of the DevOps process could result in improved agility in the market and better risk management.
According to Dzone.com, “When compliance is part of your company’s business culture, your company will be better positioned to take advantage of marketplace opportunities.”
Compliance For The Modern World
Digital transformation and the mass use of connected devices and applications mean that data is growing at a rapid pace. It’s not only growing in volume, but also in value, as organizations use the personal data they collect to unlock new business opportunities.
This abundance of data brings with it new challenges for large enterprises, which are under increasing pressure from regulators to protect the privacy of their customers’ data against a growing number of cyberattacks.
New data protection laws such as The General Data Protection Regulation (GDPR) have brought about significant changes in how data is stored and shared today, and the U.S. will continue this trend with the introduction of the California Consumer Privacy Act (CCPA), which came into effect on January 1, 2020.
Data protection laws give consumers the right to control what happens to their personal data. They subject organizations to a number of obligations, such as ensuring consumers’ personal data is protected and stored securely, granting consumers the right to be forgotten (GDPR), or giving consumers the right to decide whether or not their personal data can be sold (CCPA).
A common theme running through the different data regulations is operational stability and risk mitigation, with the related technical processes and procedures often positioned as key compliance requirements. Take the example of the GDPR’s ‘Privacy by Design’ principle, which states that “companies must have in place technical and organizational measures (TOM) to protect data safety.” Similarly, the New York Department of Financial Services’ NYDFS regulation outlines several policies and procedures that financial organizations should put in place to protect customer data and the security of operations.
The Cost of Non-Compliance
A report by the Ponemon Institute found that the average cost of compliance for an organization was $5.5 million. Meanwhile, the average cost of noncompliance was $14.5 million.
As data continues to grow, and regulation becomes more stringent, these costs could really hold an organization back from innovating and keeping up with the competition. Despite these findings, many companies continue to manage compliance as a separate entity from business operations. This has been the case particularly in large financial institutions where, rather than managing compliance with a view to identifying and mitigating risk, compliance has been seen as an “enforcement arm of the legal function.”
Just as compliance gives consumers the right to control what happens to their own personal data, consumers also have every right to feel confident that their data is secure and the environment that’s hosting it is fully compliant.
Wouldn’t it make more sense therefore for organizations to build compliance and risk mitigation into the DevOps process?