The cost of non-compliance is more than twice the cost of compliance. Non-compliance with ever-increasing and changing regulatory requirements can have a significant impact on your organization's brand, reputation, and revenue. According to a study by the Ponemon Institute and Globalscape, being compliant costs less than the business interruptions, loss of revenue, and hefty fines that follow from non-compliance.

Data explosion and regulations

As organizations go through digital transformation, they are generating and consuming much more data than in the past to help them gain an edge over their competitors. This data is necessary to stay relevant by empowering employees, engaging customers, and optimizing operations. Managing this data and the various types of devices on which it is created can be complicated, especially when it comes to ensuring compliance.

Not only is the amount of data IT must oversee exploding, regulations on how that data can and should be handled are also increasing. Collecting customer and citizen data is often an integral part of how public and private sector organizations operate. While there has been progress over the last few years, the challenges of maintaining and protecting personal data continue. Regulations are creating a need for the responsible use of personal data, and the stakes are high. Failing to comply with regulations can result in significant penalties and reduced credibility with regulators, customers, and citizens.

Managing compliance challenges

According to a recent report on the cost of compliance, there were more than 215 regulation updates a day from over 1,000 regulatory bodies around the world, a slight decrease from the previous year. For example, enforcement of the California Consumer Privacy Act (CCPA), Brazil's Lei Geral de Proteção de Dados (LGPD), and Thailand's Personal Data Protection Act (PDPA) began in 2020.

Organizations face many kinds of risk, including financial, legal, people, IT, and cybersecurity risks. Below are some of the challenges we are seeing due to the dynamic nature of the compliance landscape.

Keeping up with continually changing regulations is a struggle. With all the regulatory and standards bodies creating new requirements and guidelines or revising existing ones, staying up to date is time- and resource-intensive.

Point-in-time assessments create a digital blind spot. Many organizations rely on point-in-time assessments, like annual inspections. Unfortunately, these can go out of date quickly and expose the organization to potential risks until the next assessment is done. Organizations are looking for ways to improve integration and create near real-time assessments to control the risks posed by digital assets.

Inefficient collaboration and siloed knowledge lead to duplication of effort. Organizations are often challenged by siloed knowledge concerning IT risk management. IT and security admins know the technology solutions but find regulations difficult to understand. Contrast that with compliance, privacy, and legal teams, who tend to be familiar with the regulations but are not experts in the technology available to help them comply. In addition, many organizations start their compliance journey using general-purpose tools like Microsoft Excel and try to track compliance manually, but quickly outgrow this approach because of the complexity of managing compliance activities.

Complexity across IT environments impedes adoption. Understanding how to integrate the many solutions available and configure each one to minimize compliance risks can be difficult. This is especially true in organizations with solutions sourced from multiple vendors that often have overlapping functionality. Decision-makers want simple step-by-step guidance on how to make the appropriate tools work for the industry standards and regulations they are subject to.

Simplify compliance with Microsoft Compliance Manager

Microsoft Compliance Manager is the end-to-end compliance management solution included in the Microsoft 365 compliance center. It helps organizations simplify compliance, reduce risk, and meet global, industry, and regional compliance regulations and standards. Compliance Manager translates complicated regulations, standards, corporate policies, and other desired control frameworks into simple language, maps them to existing regulatory frameworks and recommended improvement actions, and provides step-by-step guidance on how to implement those actions to meet regulatory requirements. Compliance Manager helps customers prioritize work by associating a score with each action, which accrues to an overall compliance score. Compliance Manager provides the following benefits:

Pre-built assessments for common industry and regional standards and regulations, and custom assessments to meet your unique compliance needs. Available assessments depend on your licensing agreement.

Workflow functionality to help you efficiently complete risk assessments.

Detailed guidance on actions you can take to improve your level of compliance with the standards and regulations most relevant to your organization.

A risk-based compliance score to help you understand your compliance posture by evaluating your progress in completing improvement actions.

Own responsibility

Organizations running their workloads solely on-premises are 100 percent responsible for implementing the controls necessary to comply with standards and regulations. With cloud-based services such as Microsoft 365, that responsibility is shared between your organization and the cloud provider, although the customer remains ultimately responsible for the protection and compliance of its data.

Microsoft manages controls relating to physical infrastructure, security, and networking for a software as a service (SaaS) offering like Microsoft 365. Organizations no longer need to spend resources building datacenters or setting up network controls. Under this model, organizations manage the risk for data classification and accountability, and risk management is shared in certain areas like identity and access management. The diagram below is an example of how responsibility is shared between the cloud customer and cloud provider across on-premises and online service models.

Figure 1: Shared responsibility model

Use a shared responsibility model

Because responsibility is shared, transitioning your IT infrastructure from on-premises to a cloud-based service like Microsoft 365 substantially reduces your burden of complying with regulations. Take the United States National Institute of Standards and Technology's NIST 800-53 standard as an example. It is one of the largest and most stringent security and data protection control frameworks, used by the United States government and large organizations. If your organization were adhering to this standard and using Microsoft 365, Microsoft would be responsible for managing more than 75 percent of the 500-plus controls. You would only need to focus on implementing and maintaining the controls not managed by Microsoft. Contrast that with a situation where your organization operates 100 percent on-premises. In that case, your organization would need to implement and maintain all the NIST 800-53 controls on its own. The time and cost savings of managing your IT portfolio under the shared responsibility model can be substantial.

Figure 2: NIST examples of shared responsibilities

Assess your compliance with a compliance score

Compliance Manager helps you prioritize which actions to focus on to improve your overall compliance posture by computing your compliance score. The degree to which an improvement action affects your compliance score depends on the relative risk it represents. Points are awarded based on the action's risk level, which is identified as a combination of the following action characteristics:

Mandatory or discretionary.

Preventative, detective, or corrective.

Your compliance score measures your progress towards completing recommended actions that help reduce risks around data protection and regulatory standards. Your initial score is based on the Data Protection Baseline, which includes controls common to many industry regulations and standards. While the Data Protection Baseline is a good starting point for assessing your compliance posture, a compliance score becomes more valuable once you add assessments relevant to the specific requirements of your organization. You can also use filters to view the portion of your compliance score based on criteria that include one or more solutions, assessments, and regulations. More on that later.

The image below is an example of the Overall compliance score section of the Compliance Manager dashboard. Notice that even though the number under Your points achieved is zero, the Compliance Score is 75 percent. This demonstrates the value of the shared responsibility model: since Microsoft has already implemented all the actions it is responsible for, a substantial portion of what is recommended to achieve compliance is already complete even though you have yet to take any action.

Figure 3: Compliance Score from Microsoft Compliance Manager

For more information on Microsoft Compliance Manager, please visit the Microsoft Compliance Manager documentation. To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Simplify compliance and manage risk with Microsoft Compliance Manager appeared first on Microsoft Security.