Years ago, when I took the Pragmatic Marketing class taught by the great Steve Johnson, I learned what was to become one of my favorite “rules to live by.”
“Your opinion, while interesting, is irrelevant.”
The point here is that we often fall into the habit of talking to ourselves and forgetting to engage with those who matter, i.e. customers and prospects. This became crystal clear to me during a recent internal conversation regarding security and compliance.
Occasionally, some of us here at Dell (not all of us, mind you), have fallen into the bad habit of using these terms interchangeably. After speaking to numerous compliance professionals and reading about recent security breaches at some major retailers, however, we once again have had our vision aligned to the real world: namely, that while related, security and compliance do have some slight differences.
At the most basic level, security versus compliance has to do with the difference between the here and now, and reporting on yesterday’s activities tomorrow.
- Security is the discipline (and part art) of putting defenses in place to ensure the bad guys can’t get in, while, at the same time, limiting as much as possible the barriers the good guys must hurdle to do their jobs. That is to say, security is about control: controlling your infrastructure, your perimeter and your identities.
- Compliance, conversely, is the ability to report on what happened as a means to pass some audit. It’s the ability to report on who granted access to whom for what, what that person did with that access, or perhaps who placed that malicious code on the credit card processing servers.
And speaking of audits, those generally come in two varieties as well: internal audits as mandated by the organization itself, and external audits mandated by a government, or “strongly suggested” by an industry consortium, for example, PCI. With respect to PCI (can you say credit card risk?), we continue to see businesses struggle to comply with PCI because of its magnitude. Fortunately, Dell Software has several solutions that make the task of achieving both increased security and PCI compliance much less difficult (as well as compliance for many other regulations). We’ve even bundled this up into what is tantamount to a checklist of PCI requirements and how we can help you meet them. Or, if you prefer, check out this upcoming web seminar, “Preparing for the Inevitable: How to Limit the Damage from a Data Breach by Planning Ahead,” on Feb. 20.
Can you have compliance without security, or security without compliance? We suppose you can, but why would you? You need the compliance to ensure the security is working, and you need the security to, well, secure the environment. So check out the link above if your organization has the dual (but related) challenge of a PCI compliance mandate, and is looking for ways to mitigate security threats.