How the channel can capitalise on compliance

Advice 2010-09-06 11:49
Vigil Software's Murray Pearce says compliance presents an opportunity for security resellers to become strategic

When the Information Commissioner's Office (ICO) announced its plans to introduce a fine of up to £500k for serious data breaches, it sparked considerable debate about the legal obligations of organisations when it comes to handling data.

Introduced following a spate of high-profile data losses, the new powers sent a clear warning to organisations that failure to adhere to data protection requirements would mean not only loss of reputation and public trust, but potentially serious financial consequences as well.

The new powers also underlined that compliance with security standards now affects organisations of all sizes across both the public and private sectors. In fact, compliance is now the key driving force behind the majority of IT security decision-making: increasing regulatory pressure, new industry standards and evolving best practice are placing new demands on those tasked with ensuring the integrity of their organisation's data.
Requirements and regulations
In the past year alone, new requirements and regulations such as GCSx 4.1, GPG 13 and the HMG Security Policy Framework have continued to drive demand for specialist solutions. In the private sector, large-scale (Level 1) retail merchants are preparing for the end-of-September deadline by which they must be fully compliant with the PCI DSS standard. For a Level 1 merchant this means an annual onsite assessment by a Qualified Security Assessor (QSA) plus quarterly external network vulnerability scans by an Approved Scanning Vendor (ASV). Version 2.0 of the PCI DSS standard is scheduled to be published on October 28, 2010, with an anticipated effective date of January 1, 2011.

What has been the impact of these new requirements on the channel? Do resellers feel there is a strong understanding of regulatory drivers such as GCSx and PCI DSS, and what more can, or should, be done to raise awareness? Do they believe compliance is strengthening security, or is it simply creating further work for over-stretched managers?

The consensus on compliance
The findings from a recent survey suggest that both are, to some extent, true. Earlier this year we surveyed a number of resellers to gauge their opinions on the security landscape and on compliance issues.

The results showed a strong consensus across the channel: an overwhelming majority (92 percent of those surveyed) believed that increased regulatory compliance requirements have enhanced levels of security. However, a similarly large majority (also 92 percent) believe that these extra layers of compliance have created an additional burden for those tasked with preventing security breaches. Our own experience is that compliance requirements can provide the impetus and authority for budget requests to be approved for projects that IT managers may have been requesting anyway.

Channel Support
However, security standards across both the public and private sectors are complex and ever-evolving, and in our survey just under half of all respondents (43 percent) felt that the channel had a good grasp of regulatory drivers such as GCSx and PCI DSS. This raises the question: what can be done to improve awareness within the channel so that resellers can capitalise on these burgeoning opportunities and provide the right guidance?
