Break IT down: Six benefits of automating compliance and security policies

By: Nicholas C.M. Fuller, PhD


Enterprises need a scorecard to keep track of and stay up to date with the many regulatory requirements they must follow to protect their organizations’ sensitive data. This drives significant complexity into the governance of the applicable internal security policies and best practices within an enterprise, causing immense stress for CIOs and IT managers.

Cognitive computing transforms how organizations adhere to regulations and security expectations. Continuous Compliance, leveraging automation and machine learning, creates an error-free, uninterrupted process that guarantees all industry requirements and internal security policies are met.

Here are six ways that cognitive technology helps enterprises turn compliance into an active, controlled process.

1. Trigger faster resolution with security health checks

IT departments typically examine servers for security settings as a “secondary control,” doing so only periodically because it takes time to manually review findings, identify potential resolutions, and then apply the relevant fixes. For example, if an application or server isn’t essential for operations, an IT team may review it less frequently than mission-critical workloads. But the penalties for noncompliance and the risks of poor security are too severe to ignore.

Continuous Compliance transforms the health check security process to a “primary control” process by maintaining the compliance state at all times. When noncompliance is detected, it is remediated immediately, much faster than the typical industry standard. Eliminating these secondary controls, Continuous Compliance automates the monitoring, review, and remediation of tasks, providing your IT team immediate visibility into the compliance state of any server and any noncompliance issues introduced.

2. Reduce complexity and human errors

Manual compliance review opens up a lot of room for error. The cycle time for corrective actions is lengthy, and omissions and errors are common when teams manually pass large amounts of data from health checks and patch scans back and forth, typically in spreadsheets.

Continuous Compliance facilitates 100% automation of the health check security process for the first time. The service eliminates the need to obtain, process, and analyze information from every server, which in turn eliminates data manipulation or additional repositories that need to be managed and analyzed. Removing remediation from practitioner-led compliance and security review reduces the risk that an error or oversight will lead to a compliance blunder.

3. Achieve unmatched visibility and auditability

Continuous Compliance gives IT teams a clear and uncomplicated view of the compliance state of their computing environments. Users can obtain both historical and point-in-time perspectives across every compliance dimension of their environments. At any point in time, analysts, compliance officers, and others can drill down into these views to determine why a server is non-responsive, or to identify the policy deviation that made a server noncompliant and how that deviation was remediated.

After an initial assessment is conducted, users can then view how an account is brought into compliance. This is complemented by policy, remediation, and a wealth of other pertinent views that provide a 360-degree perspective on the overall compliance state of the environment, thereby achieving unmatched visibility.

Continuous Compliance visibility eliminates the typical two- to four-week dash to gather information to support an audit. It provides complete visibility into the compliance state of servers and the actual security policies that are being enforced, as well as any policy-change requests and their approvals.

4. Identify unauthorized changes and eliminate “noise”

Continuous Compliance is configured with the policies that must be applied to each category of server (development/test, production, Internet-facing, etc.) and the level of stringency to which each policy should be enforced. Because the expected state is explicit, false positives are eliminated, policy and attribute changes are governed through approvals, and any out-of-process security configuration change that violates established compliance and security policies is caught quickly.

5. Data-driven compliance insights

The increased proliferation of data on the compliance state of servers in a client’s environment on a daily basis affords increased insights. Artificial intelligence mines patterns within the compliance data from servers, endpoints, and other sources and then pinpoints possible additional issues.

For example, this process gives IT teams visibility into the risk of fixing an issue, or of allowing an exception to it, by drawing on a historical perspective within and across the estate. If the same issue had to be addressed on seven consecutive days even though the automation process is working well, IT might conclude that a systemic problem is to blame and requires further investigation. Similarly, if protocol was not followed when installing a new application, Continuous Compliance, coupled with other capabilities, can determine the policy violation, the culpable control points, and the remediation necessary to achieve compliance.
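The three mechanisms described in sections 1, 4 and 5 (a health check that remediates drift the moment it is detected, policies whose stringency depends on the server category with approved exceptions governing deviations, and a historical view that flags an issue recurring on consecutive days as systemic) can be sketched in a few dozen lines. The following Python is an added illustration written for this article; it is not code from IBM's Continuous Compliance service. The policy names, server categories, setting values and the nightly drift in the simulation are all constructed for the example.

```python
"""Added example: a policy-driven continuous compliance loop (hypothetical model).

Policies are defined per server category, every evaluation is appended to an
audit log, drift is remediated immediately unless an approved exception covers
it, and a setting that keeps drifting back out of compliance on consecutive
days is flagged as systemic. All data below is constructed for illustration.
"""
import operator
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Policy:
    setting: str
    required: Dict[str, object]                       # server category -> required value
    check: Callable[[object, object], bool] = operator.eq  # check(observed, required)


@dataclass
class Server:
    name: str
    category: str                                     # "internet_facing", "production" or "dev_test"
    settings: Dict[str, object]


@dataclass(frozen=True)
class Finding:
    day: int
    server: str
    setting: str
    observed: object
    required: object
    action: str                                       # "remediated" or "approved_exception"


# Constructed policy set: stringency rises with the exposure of the server category.
POLICIES = [
    Policy("ssh_password_auth", {"internet_facing": False, "production": False, "dev_test": True}),
    Policy("min_password_length", {"internet_facing": 14, "production": 12, "dev_test": 8}, operator.ge),
    Policy("audit_logging", {"internet_facing": True, "production": True, "dev_test": True}),
]


def evaluate(server: Server, day: int, policies: List[Policy] = POLICIES,
             exceptions: Optional[Dict[Tuple[str, str], object]] = None,
             audit_log: Optional[List[Finding]] = None) -> List[Finding]:
    """Check one server against every applicable policy, remediating in place.

    `exceptions` maps (server, setting) to an approved value; drift that matches
    an approved exception is logged but not reverted. Everything else is reverted
    to the required value and logged, so the audit trail records what changed and why.
    """
    exceptions = exceptions or {}
    findings: List[Finding] = []
    for p in policies:
        required = p.required.get(server.category)
        if required is None:
            continue                                  # policy not in scope for this category
        observed = server.settings.get(p.setting)
        if observed is not None and p.check(observed, required):
            continue                                  # compliant
        key = (server.name, p.setting)
        if key in exceptions and exceptions[key] == observed:
            action = "approved_exception"             # governed deviation (section 4)
        else:
            server.settings[p.setting] = required     # immediate remediation (section 1)
            action = "remediated"
        findings.append(Finding(day, server.name, p.setting, observed, required, action))
    if audit_log is not None:
        audit_log.extend(findings)
    return findings


def systemic_issues(audit_log: List[Finding], threshold: int = 7) -> List[Tuple[str, str]]:
    """Return (server, setting) pairs remediated on at least `threshold` consecutive
    days: the fix works each time, so something else keeps undoing it (section 5)."""
    days: Dict[Tuple[str, str], Set[int]] = {}
    for f in audit_log:
        if f.action == "remediated":
            days.setdefault((f.server, f.setting), set()).add(f.day)
    flagged = []
    for key, ds in days.items():
        run, best, prev = 0, 0, None
        for d in sorted(ds):                          # longest run of consecutive days
            run = run + 1 if prev is not None and d == prev + 1 else 1
            best, prev = max(best, run), d
        if best >= threshold:
            flagged.append(key)
    return sorted(flagged)


def simulate() -> Tuple[List[Finding], List[Tuple[str, str]]]:
    """Seven daily runs over a constructed two-server estate in which a misconfigured
    deployment job re-enables SSH password auth on the web server every night."""
    web = Server("web-01", "internet_facing",
                 {"ssh_password_auth": False, "min_password_length": 14, "audit_logging": True})
    db = Server("db-01", "production",
                {"ssh_password_auth": False, "min_password_length": 10, "audit_logging": True})
    exceptions = {("db-01", "min_password_length"): 10}   # documented, approved exception
    log: List[Finding] = []
    for day in range(1, 8):
        web.settings["ssh_password_auth"] = True      # out-of-process drift re-introduced nightly
        for s in (web, db):
            evaluate(s, day, exceptions=exceptions, audit_log=log)
    return log, systemic_issues(log)


if __name__ == "__main__":
    log, flagged = simulate()
    for f in log:
        print(f"day {f.day}: {f.server} {f.setting} observed={f.observed!r} "
              f"required={f.required!r} -> {f.action}")
    print("systemic:", flagged)
```

The design choice worth noting is that remediation and recurrence detection are separate: `evaluate` always restores the required state, which keeps the estate compliant, while `systemic_issues` reads only the audit log, so the fact that the same fix was needed seven nights running surfaces as a root-cause question rather than being hidden by the automation's success.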

6. Compliance from the birth of an application

With the advent of agile and DevOps, it’s imperative that security compliance is baked in during the development cycle so that at the time of deployment/upgrades, your infrastructure is secure.

It’s not acceptable to have rapid development, deploy, and run cycles but not have the infrastructure secure from Day 1.

Integration of cognitive security compliance into the DevOps toolchain from the start of development ensures that an application is compliant with your company’s security requirements, which speeds the transition from development to production operations.

Your enterprise can’t fall behind on compliance — the penalties are too stiff. Continuous Compliance autonomously manages the compliance and security posture of your servers, images, and endpoints so that your enterprise can focus more on innovation and business needs.

Learn more about Continuous Compliance and IBM Services Platform with Watson.

Article contributors: Brian Peterson, IBM Distinguished Engineer, CTO & Chief Architect of Delivery Automation Solutions; and Milton Hernandez, IBM Distinguished Engineer, Service Enablement and Compliance.


About The Author

Nicholas C.M. Fuller, PhD

Senior Manager, Cognitive Service Foundations, IBM Research

With an incredible array of 63 patents, Nicholas C.M. Fuller, PhD has collaborated with IBM Services Platform and Watson cognitive computing during his 20+ years combined experience in scientific research. He has contributed to cloud technologies, IT service management, photovoltaics and semiconductor technology.
