BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Alleviate Regulatory Compliance Strains on IT Pros

Posted June 19, 2012    Peter McCalister

As regulations continue to evolve and audits become even more comprehensive, many organizations are resource- strained trying to comply with critical government regulations. The reality is these regulations are unforgiving and non-compliance results in penalties, lost business and other indirect costs. A centralized solution to manage compliance provides a more actionable intelligence to available manpower without losing sight of broader IT security protections.

IT departments can waste a significant amount of time trying to manually prepare compliance audits and reports to management. In a recent poll by eEye Security, more than 85 percent of IT pros are impacted by regulatory compliance and industry standards including ISO, PCI, DSS, and HIPAA. The report further shows efficiently managing this takes up to 50 percent of their work week. Put into perspective, that is entirely too much time where efforts could be focused on actually reducing the threat landscape, rather than reporting on it.

To combat the vast economic ramifications of cybercrime, new regulatory mandate such as FISMA and FedRAMP for the cloud, require continuous monitoring and reporting of security processes. This order is a truly critical point to make to organizations in light of a continuously changing threat lanscape. Raising the wall against their malicious counterparts has to happen. This trend is only going to compound as time goes on, however there are ways to manage this without companies having to spend more.

Implementing strategic solutions that simplify this regulatory maze is invaluable to IT pros trying to maintain a tight perimeter around their organizations. Automated processes for compliance management for corporate policies, government regulations, and industry standards, keeps organizations up-to-date with changes to regulatory controls and newly discovered vulnerabilities. IT departments can now navigate through the regulatory landscape with all the information compiled into a dashboard, instead of the time straining task of extracting the raw data manually. Daily compliance can be timely, repeatable, and more importantly actionable when compliance violations arise.

Leave a Reply

Additional articles

{c4eae211-3ca2-4f8e-b2b9-6df0e970aab1}_g.markhardy

The “insider” threat. Is it real, or is it being blown out of proportion?

Posted March 4, 2015    G. Mark Hardy

A lot depends on whether or not you’ve been compromised. And therein lies the problem. Cyber threats are often ignored until they cause some damage, at which point management looks for people to blame and gives all kinds of attention to fixing the problem – until the next crisis in accounting or warehousing or staffing comes along.

Tags:
, , ,
webinar_chalk

Webinar March 4th: Recreating the Carbanak Breach & Techniques for Mitigating Similar Attacks

Posted March 3, 2015    Lindsay Marsh

Join BeyondTrust Research and Development team for an in-depth live webinar that will explore the attack vectors used in the Carbanak Bank Breach and share successful mitigation techniques needed to prevent this type of attack.

Tags:
, ,
VMware Hardening Guidelines-img3

How to Audit VMware ESX and ESXi Servers Against the VMware Hardening Guidelines with Retina CS

Posted February 27, 2015    BeyondTrust Research Team

Retina CS Enterprise Vulnerability Management has included advanced VMware auditing capabilities for some time, including virtual machine discovery and scanning through a cloud connection, plus the ability to scan ESX and ESXi hosts using SSH. However, in response to recent security concerns associated with SSH, VMware has disabled SSH by default in its more recent…

Tags:
, , , ,