How much security compliance is enough?
All organizations, regardless of size and industry, need to protect their data. By following compliance standards as much as possible, businesses can improve their security posture.
In many businesses, IT staff is accustomed to working within budget limitations, despite the rising demands of investing in new technologies like automation, efficiency, and hyperconverged infrastructure. According to the 2019 Spiceworks State of IT report, about 35 percent of IT departments in small or mid-sized businesses are planning a budget increase, but just over half plan to keep it exactly the same.
IT departments should focus on using their budgets, no matter their size, to acquire the most secure infrastructure needed for their businesses. In addition, IT staff should add security compliance to their ever-increasing list of duties.
But how much time should be spent on security compliance and audits? And how can you manage the compliance issues most relevant to your respective industry? These are questions that the IT leader must consider in order to best use limited resources.
Comply with everything?
Security compliance is a minefield, and complying with too many standards is pointless. Aside from the mandatory standards, organizations should try to select only those that add business value.
For example, defining client payment data is important to most businesses, but it may not be the top priority for all of them. "PCI DSS (Payment Card Industry Data Security Standard) compliance is a headline standard for many small businesses," says Ian Rowlands, vice president of product management and metadata at ASG Software Solutions.
"The nasty truth is that it's only a tall tree in an extensive forest of regulations. From Occupational Safety and Health Administration (OSHA) standards and Environmental Protection Agency (EPA) regulations to the Health Insurance Portability and Accountability Act (HIPAA) and many others, the list, which varies by industry, can be overwhelming."
Businesses should take baby steps when it comes to security compliance, starting with a security standard that is easier to comply with, like the ISO/IEC 27002, which deals with end-to-end security.
"It is easy to understand, and it is up to the company to determine the level of detail. For example, it does not dictate that passwords be eight characters long. It requires that you have a secure log-in control," remarks Jeff VanSickel, principal consultant and compliance practice lead at SystemExperts.
Plan carefully
Though not all compliance requirements concern security, IT will likely be involved in the careful planning required to achieve and maintain compliance in almost all cases. "Consider strategy and tactics" along with "inventory resources to be managed," said Rowlands. "Define management policies, analyze risks for each resource type, expect that you will suffer an attack, and make contingency plans." Keep your IT infrastructure simple, and outsource to service partners where possible.
You may already be unofficially compliant
When your company bought its first server, it already had to conform to the information security process. However, "the problem was the company opened up the box, installed the server, changed some settings in the name of securing the server, and it didn't document any of it," VanSickel explained. "When asked if security is in place, IT can say yes, but IT can't prove any of it."
To prevent these headaches, try to keep the documentation from when you first secured your environment. If it's already too late, you can at least plan your budget knowing that all you need to do is prove compliance in those areas.
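The documentation problem VanSickel describes (settings were changed, nobody recorded which, so nothing can be proven later) is easy to address with a small evidence script. The following is an added example, not code from the article or from HPE or SystemExperts; it checks a constructed sample of an OpenSSH server configuration against a hypothetical set of control identifiers (`CTRL-SSH-*`, not ISO/IEC 27002 clause numbers) and writes a dated record that includes a hash of the configuration it judged, so that a later auditor can tell whether the live file still matches what was documented.

```python
"""Record and later re-verify evidence that a server's hardening settings are in place."""
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample of an sshd_config as it might look after hardening.
# A real check would read the file from disk; this string stands in for it.
SAMPLE_SSHD_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
MaxAuthTries 3
X11Forwarding no
"""

# Hypothetical control identifiers (not ISO/IEC 27002 clause numbers): each maps
# a setting keyword to the value the organisation's policy expects.
CONTROLS = {
    "CTRL-SSH-01": ("PermitRootLogin", "no"),
    "CTRL-SSH-02": ("PasswordAuthentication", "no"),
    "CTRL-SSH-03": ("MaxAuthTries", "3"),
    "CTRL-SSH-04": ("X11Forwarding", "no"),
}


def parse_sshd_config(text):
    """Return {keyword: value} for simple 'Keyword value' lines, ignoring comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings[parts[0]] = parts[1].strip()
    return settings


def evaluate_controls(config_text, controls=CONTROLS):
    """Compare each control's expected value with what the config actually says."""
    observed = parse_sshd_config(config_text)
    results = []
    for control_id, (keyword, expected) in controls.items():
        actual = observed.get(keyword)
        results.append({
            "control": control_id,
            "setting": keyword,
            "expected": expected,
            "observed": actual,
            "compliant": actual == expected,
        })
    return results


def build_evidence(config_text, hostname, controls=CONTROLS):
    """Produce a dated evidence record: results plus a hash of the config they were judged on."""
    return {
        "hostname": hostname,
        "recorded_at": datetime.now(timezone.utc).isoformat(),
        "config_sha256": hashlib.sha256(config_text.encode()).hexdigest(),
        "results": evaluate_controls(config_text, controls),
    }


def verify_evidence(evidence, current_config_text):
    """Later check: does the live config still match the one the evidence was recorded for?"""
    current_hash = hashlib.sha256(current_config_text.encode()).hexdigest()
    return current_hash == evidence["config_sha256"]


def all_compliant(evidence):
    """True when every control in the record was found in its expected state."""
    return all(r["compliant"] for r in evidence["results"])


if __name__ == "__main__":
    record = build_evidence(SAMPLE_SSHD_CONFIG, "srv-example")  # hostname is a placeholder
    print(json.dumps(record, indent=2))
    # Simulate someone later re-enabling password logins without updating the record.
    drifted = SAMPLE_SSHD_CONFIG.replace("PasswordAuthentication no", "PasswordAuthentication yes")
    print("live config still matches recorded evidence:", verify_evidence(record, drifted))
```

The point of hashing the configuration is that the record then proves something about a specific file state rather than being a checklist someone ticked; if the hash no longer matches, the settings must be re-evaluated and the record re-issued, which is exactly the "prove it" step the article says most small IT teams skip.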
IT solutions for all businesses
Above all else, remember that information security programs are not just for technology companies. "I worked with a CEO once who said his company made dresses. He asked why it would need a security program," VanSickel said. "I explained why knockoffs of his dresses were showing up before his company had released the dress to the public. Dress designers weren't encrypting the designs being sent overseas to make samples, and someone along that path was stealing the designs, replicating them, mass-producing them, and getting them to market faster."
SMBs of all industries are a major target for hackers, according to a 2017 report compiled by The Ponemon Institute, and they're experiencing increasingly sophisticated attacks at a higher rate. It's clear all organizations, regardless of size and industry, need to protect their data. By following compliance standards as much as possible, businesses can improve their internal corporate security profile, while proving their security posture to industry peers and clients.
For more information on how SMBs can overcome other common challenges they face, check out IDC's SMB predictions for 2019.
Ready to take the next step? Check out the SMB Hybrid IT for Dummies Guide. Because there are no "dumb" questions!
Are you ready to purchase? Visit the HPE Store.
RobertChecketts
Robert has over 25 years of IT marketing and product management leadership experience spanning country, regional and worldwide organizations. Robert is a marketing executive with extensive experience in field marketing, channel marketing and product marketing on a global basis and is driven to deliver SMBs' end-to-end affordable infrastructure that's secure from the start, optimized for every workload, packaged for many consumption models, ready to scale, and easy to manage.