Continuous Compliance - Focus on security, not spreadsheets
Beach scene by Chen Mizrach on Unsplash

The image above represents something that happens day in, day out in busy security teams: a quick-fire request for data about security status or operations, passed on without appreciating the time required to answer it comprehensively.

This goes some way to illustrate what we do for our customers every day here at Strata: join up systems and data to provide insight, so you can focus on security (or your holiday), not copying and pasting data between disconnected systems. We call this Continuous Compliance.

What is Continuous Compliance?

Continuous Compliance is tracking your organisation's status against security best practice using real data from your systems. Usually this is aligned with a best-practice framework (e.g. ISO 27001/2, PCI DSS, NIST, Cyber Essentials, NCSC CAF).

Can you give a specific example?

Following on from the image above, Continuous Compliance means having a single, consistent view of patch status regardless of environment, tenure or technology, and being able to use that same data for daily operations, management and executive reporting.

How does it help my organisation?

The benefits of Continuous Compliance are wide-ranging, but the primary benefit is efficiency:

  • Daily work streamlined - you can immediately access details of all your assets and their security status, in one place. No more switching tools, no more Excel hell.
  • Be sure of your status - at the end of every week, you can down tools, sure that all is as it should be. No more uncertainty, no more switching (even the Macs in the design team).
  • Demonstrate value - with a reliable dataset, creating consistent management and executive metrics and reporting takes minutes, not hours or days.
  • Always audit ready - typically, audits or other questions from stakeholders (e.g. investors) sap time because data needs careful preparation to ensure consistency and to assemble corroborating evidence. With Continuous Compliance, you could even give the auditor direct access to your dataset.

Also, the number of security control failures (e.g. where something is missed) is reduced, because you are always tracking them, and the cost of remediating issues that do occur is also reduced, because clear data is available to guide that process.

How do I achieve it?

In days gone by, Continuous Compliance required bespoke data warehouses to be developed, and perhaps even hiring an extra person (or engaging an internal team) to manage data collection and aggregation.

Thankfully, today, things are different.

Strata's platform, Insight, is probably the simplest and most accessible option: it collects data from your systems, clouds and security tools, joins it up in one place and provides the insight your security teams need to get the job done.

Finally, your team can concentrate on managing security, not spreadsheets.


Jean-Christophe Gaillard

Founder & CEO, Corix Partners

2y

Rupert Brown: Rupert, feel free to reach out to Chris to see if there might be ways of linking what he does to what you're doing; cheers