‘Governance, risk and compliance’. Three words that are the stuff of nightmares for senior managers. Not because they have done anything wrong, but because the breadth and scope of this area continue to grow exponentially.
Their ability to get a good night’s sleep is not just affected by the ever-lengthening ‘to do’ lists associated with implementing GRC, but by the risks attached to their failing to do it properly.
According to a study carried out by the International Association of Privacy Professionals (IAPP), the new General Data Protection Regulation (GDPR) coming into force in the next two years will need 28,000 new dedicated data protection officers in Europe alone. That’s a veritable army of new staff whose backgrounds will need to be thoroughly checked before being recruited, trained, sat somewhere, managed, fed and paid.
A fundamental part of these roles is to not just drive policies into the core of a business to avoid the repercussions, but also to report in detail should a breach occur. This reporting includes:
And this is on top of the 70,000 new jobs that the then head of financial stability at the Bank of England, Andy Haldane, predicted in 2012 would need to be employed in Europe by financial institutions just to comply with the requirements of the Basel III regime for banks.
The penalties for non-compliance are enough to induce insomnia too. Organisations can be fined up to 4% of their global turnover. This no longer represents a mere slap on the wrist but an almighty whack where it really hurts: on the bottom line.
So what can companies do to improve their performance in this area? As sports news has increasingly moved from the back pages to the front pages, let’s use a sporting analogy to guide us. High performing teams, we are told, need three things to succeed. They need:
For those responsible for implementing GRC strategy, this translates as employing staff with an appropriate level of knowledge; for those staff to have appropriate (i.e. fit for purpose) systems, processes and procedures and, critically, for them to engender a relevant internal cultural attitude towards all aspects of GRC.
A simple, balanced scorecard approach will quickly identify which of these three factors is the weakest at any one time and can then drive the actions needed to rectify it. Continuously measuring, then improving these will drive up performance and ensure that the organisation’s GRC strategy is achieving its goals (as well as helping the CEO to get through the night).
The Wallix AdminBastion (WAB) Suite has a simple architecture designed for pervasive, sustainable deployment. It creates a single gateway with single sign-ons for access by system admins, controlling who goes where and also providing an audit trail.
WAB’s agent-less architecture is lightweight, making the solution inexpensive and easy to deploy and adapt. The agent-less approach mitigates the risk that changes in protected systems will require extensive revamping of the PAM solution.
WAB has a simple architecture, but a sophisticated and rich feature set that can scale with even the largest organisations. WAB gives you the tools to make PAM an enduring, pervasive and consistent part of your security program.
Remember, the best PAM solution is the PAM solution everyone uses.
For more information about the Wallix AdminBastion, visit www.wallix.com.