Know the difference between compliance and security
For many businesses, the ideas of security and compliance can blur into one. Because these two concepts share some common features, it's easy to believe that achieving compliance with industry regulations is all that's really necessary to keep employee and customer information, as well as intellectual property, safe from harm. However, this simply isn't true. In fact, confusing security and compliance can lead to massive problems in the organization.
Two birds of a feather?
Security often does play a role in compliance, but Dark Reading recently pointed out that mistaking one for the other can be a recipe for failure. Compliance refers to the minimum standard a company must meet to satisfy whichever regulations apply to it, such as HIPAA, SOX, PCI or GLBA. That minimum is a floor, not a ceiling: if a business treats compliance as a checklist to be completed and filed away, it may pass its audit and still lack adequate protection against the majority of the threats it actually faces.
"Too many security professionals are moving away from doing real security and are doing more in compliance," Javvad Malik, a security analyst at 451 Research, told the source. "We don't need more auditors."
In a YouTube video, Malik delved a bit deeper into what separates security from compliance. Using the metaphor of getting ready to ride a motorcycle, Malik explained that good security practices are like putting on a full range of protective gear – boots, sturdy pants, a jacket, gloves and a full-face helmet – instead of just setting off in a T-shirt and shorts. But he also noted that taking all those steps can be expensive.
Because of this, Malik noted, many motorcyclists opt for compliance over security. The law doesn't require riders to wear anything more than a helmet, and full-face models aren't even required. It's perfectly possible to ride with only a basic helmet, but it isn't safe: the rider is legal, yet the injuries from any accident will be far more severe than they would have been with full protective gear.
To ensure records are truly protected from data breaches and other threats, organizations can't settle for bare-bones compliance. They need real security, which is harder to achieve but worthwhile in the long run. Bringing in remote database support is an excellent option for companies that need to get on the right track.