Enabling Secure Collaboration and Compliance by Mitigating Increasing Information Risks (Part 2 of 2)
Blog Article Published: 09/25/2014
By Robert F. Brammer, Ph.D., Chief Strategy Officer at Brainloop, Inc. In my previous post, I addressed three major trends that play an immense role in cybersecurity initiatives. These trends include the growth of digital business, information risks, and regulatory requirements. In this post, I’ll focus on issues related to collaboration and compliance. Since executives and Boards must address these issues, what are some key factors to include in the business policies, processes, and systems? First, ensure that your strategy and policies are clear with respect to collaboration and compliance. These statements should address those areas requiring external and internal collaboration and the regulatory environment in which you operate. They should also address those information risks that are most significant for the organization. Since all of these topics evolve rapidly, you should conduct regular executive and Board-level reviews of these plans and policies. Second, ensure that you have the appropriate staff, organization, and business processes to implement the above plans and policies. Management and staff development for these issues is vital and particularly challenging since the environment is so dynamic. A recent survey by Gartner summarizes these issues well. However, this organizational development will be essential to realize the 80% new business models in the next five years described in the above Accenture survey. Many organizations are developing enterprise-wide governance, risk management, and compliance (GRC) programs. GRC programs include governance (the processes by which executives and boards manage the enterprise), risk management (the processes by which management addresses risks to the enterprise), and compliance (the processes with which the enterprise complies with applicable laws and regulations). As enterprises become increasingly information-intensive, the protection of information assets is becoming more important in all three primary aspects of GRC programs. Finally, enterprise systems must perform a broad range of business-critical functions, including the implementation of the above policies and business processes necessary to enable digital business agility, to protect sensitive corporate information, and to enable regulatory compliance. The challenge for CIOs is to design and operate these systems balancing requirements for functionality, performance, and costs while providing necessary security and compliance with corporate policies and regulatory requirements. End users will focus on functionality and performance, the CFO will focus on the costs, while the GRC program must ensure proper security and compliance. There is a growing market for systems to implement the policies and procedures of a GRC program, but the definitions of policies and procedures must precede selecting a GRC platform. It is clear that we will continue to see the growth on importance in secure collaboration and regulatory compliance in the development of digital business. The ancient curse, “May you live in interesting times” certainly applies to today’s business environment. About the Author Dr. Robert F. Brammer is the Chief Strategy Officer, Americas for Brainloop, Inc., a leading provider of SaaS solutions for secure collaboration and regulatory compliance. He also serves as the President and CEO for Brammer Technology, LLC and recently retired as vice president and chief technology officer for Northrop Grumman's Information Systems Sector.