How GRC Solutions Can Help Address Cloud Compliance Concerns

June 15, 2016

By Paula Bernier - Executive Editor, TMC

Utilization of the cloud is far below what it could be, due in large part to security concerns, namely those related to compliance, according to a new blog by Priya Kanduri, the head of risk and compliance practice at Happiest Minds Technologies. Indeed, as Kanduri notes in the posting, 64 percent of organizations surveyed named compliance and auditing as the leading challenges related to cloud deployment. This statistic is from a CipherCloud survey.

Education can go a long way in allaying customer concerns about compliance and the cloud, Kanduri continues, adding that today’s cloud providers and security tool suppliers now address many of the data control, data loss prevention, and multitenancy security issues that arose in the early days of the cloud. Service providers can also help companies address compliance issues regarding the geographic location of their data by enabling those organizations to select the geographical nodes in which their data can be stored, Kanduri says. Governance, Risk and Compliance (GRC) applications can also be used to manage IT operations subject to regulation, Kanduri adds.

Integrhythm – which connects businesses with IT to drive productivity, deliver new capacity, and enable organizations to realize a higher quality of service – is among the companies that deliver GRC solutions.

“Many organizations are stuck on an outdated approach to compliance that requires intensive manual work and hours of extensive preparation across multiple teams for audits and internal reviews,” the company notes. “Integrhythm’s approach to GRC implementations goes far beyond flipping a switch and importing some controls. By leveraging ServiceNow GRC, Integrhythm helps clients modernize their compliance efforts through continuous compliance monitoring of basic controls, reducing time and effort spent on audits and internal reviews. We first conduct workshops with GRC teams to identify their current approach and define the organization’s overarching, enterprise-level GRC objectives.”

Then Integrhythm establishes or refines the governance framework; maps requirements related to audit, business continuity plans, compliance, controls, risk management, and security operations; monitors remediation and follow-up, and determines the effectiveness of controls; develops dashboards and compliance reporting; streamlines compliance with regulations like HIPAA, PCI, and SOX; performs operational risk assessments so organizations know their high-risk areas; defines Segregation of Duties to remediate risk and prevent potential fraud or error; and integrates UCF Authority Documents into ServiceNow GRC by filtering content and importing relevant data from authoritative source content and controls.

Edited by Maurice Nagle