By Zach DeMeyer Posted August 22, 2019
Given the prevalence of security breaches today, IT admins need to be on their toes when it comes to keeping their organization’s identities safe. By law, many companies are required to comply with certain regulations which are considered security baselines. As such, some wonder, “Can compliance stem security breaches?” It’s a question that ultimately affects everyone in an organization.
A Bit of Background
Before answering this question, we first need to understand the two concepts at its core: compliance and security breaches.
Compliance is a general term describing the meeting of regulatory standards, usually created by governments to protect the data/privacy of individuals. There are hundreds of compliance regulations that a business could face, with some unique to their specific industry.
Here are a few compliance regulations commonly faced by today’s IT organizations.
The Payment Card Industry Data Security Standard (PCI DSS) is a compliance requirement for any company that handles customer credit cards, a la ecommerce and other organizations.
The General Data Protection Regulation (GDPR) was recently introduced by the European Union (EU) to protect the privacy of all EU citizens and their data, and is enforced on any organization that has EU-based customers.
The Sarbanes-Oxley Act (aka SOX) applies to any publicly-traded company on a US stock exchange, and is designed to protect public interests from corporate fraud/misrepresentation.
The Health Insurance Portability and Accountability Act (HIPAA) must be followed by all American healthcare organizations, ensuring their patients’ confidential data is secure from harm.
Ultimately, each of these compliance standards represent a security baseline for organizations required to follow them. But, can they stem security breaches?
A security breach is when a malicious entity gains unlawful entry to an organization’s network or data center, usually with the intent to steal critical data for their own gain. The extent of this use is situational, some may be doing it for blackmail, others for selling individuals’ data to the black market or other outlets. Regardless of intent, a security breach can be a death knell for organizations, especially small businesses, which accounted for 47% of last year’s data breaches.
So, Can Compliance Stem Security Breaches?
At their core, compliance and breaches are diametrically opposed, compliance being the safeguards put in place to prevent a breach from happening. So, in an ideal world, compliance should stem, and ultimately, prevent a breach. In today’s world, however, this is often not the case.
Although compliance audits can be anxiety-inducing (not to mention costly) endeavors for an organization, they are not without reason. At the heart of every compliance regulation is a good bit of altruism. That is, putting measures in place in order to protect not only the best interests of a company, but more importantly, the best interests of the customers that trust in them. Unfortunately, some organizations dealing with compliance regulations find shortcuts to achieve compliance in the simplest way possible, potentially missing exploitable backdoors.
Compliance Doesn’t Mean Security
Of course, it can’t be stressed enough that at the end of the day, compliance and security, while related, are not the same. Compliance is a minimum requirement, a snapshot of an organization meeting a specific set of rules at a specific point in time. Security is a state of mind, a practice of constant vigilance and permanent protocols that protect a company inside and out.
But, if an organization is diligent and does their best to comply with regulations year-round, then compliance should significantly stem the chance of a breach. This especially rings true considering that a core part of many compliance regulations is the implementation of solid identity and access management (IAM) principles.
Cloud IAM for Compliance
When it comes to protecting your organization by meeting compliance standards, several practices are essential. Controlling user access to resources, including network access, is key, as well as creating strong credentials through password complexity and multi-factor authentication (MFA). With the proper IAM tooling in place, IT organizations have a much stronger chance at achieving compliance without having to worry about last minute changes and fixes.
If your organization is one of many that is concerned about both compliance and security breaches, consider reevaluating your IAM solutions as a starting place. JumpCloud® Directory-as-a-Service®, the first cloud directory service, is one such option. JumpCloud enables IT admins to manage users and their access to virtually all IT resources, as well as the ability to enforce password complexity and MFA across entire system fleets, applications, infrastructure, and more.
Independent compliance auditors, CoalFire Systems, reviewed JumpCloud with regards to PCI, GDPR, and HIPAA. They found that, when it comes to enforcing IAM for compliance, JumpCloud can help organizations to do so. JumpCloud also features a host of other security features, such as full disk encryption (FDE) for Windows® and Mac®, so your organization can push your security practices beyond compliance baselines.
So, can compliance stem security breaches? Yes, potentially. Can JumpCloud help you prepare for compliance? Yes, definitely.
If you want to learn more about JumpCloud and compliance, please contact us. We would be happy to give you a rundown on the various regulations we can support, as well as how you can use JumpCloud for security best practices.