Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementTechnologies & SolutionsSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business Resilience

Compliance regulators don’t stop working when companies go remote

By Jeff Sizemore
SEC0820-Data-Feat-slide1_900px.jpg
September 18, 2020

Nearly every single industry has been forced to manage the swift and dramatic shift to remote work caused by the COVID-19 health crisis. Beyond the colossal task of migrating to remote operations overnight and ensuring off-network employees have the resources they need to be productive, many businesses are contending with new and weighty compliance challenges as well. For instance, healthcare and life science organizations must find ways to adhere to HIPAA requirements while patient care and management takes place virtually, and sensitive healthcare data changes hands remotely. Financial institutions, construction organizations and more are dealing with similar requirements.

Compliance regulators don’t take days off – not even in a pandemic. Faced with steep penalties for non-compliance and potential reputational damage, organizations are being forced to rethink their compliance strategies to account for new and emerging risks. For digital businesses today, the best place to start is by assessing how systems should be good enough, understand how data integrity is currently being managed, identifying any compliance hazards or gaps, and considering how automation can help address them.

 

Compliance must scale and evolve

Generally speaking, many organizations rely on compliance frameworks to ensure the privacy and security of all data and content across a wide range of company repositories. These guidelines are typically laid out as a written set of controls that correspond to key data safety and security policies that ensure compliance. This “checklist” approach is designed to be organized and actionable for IT administrators, making it clear which compliance policies are and aren’t met. Some businesses simply rely on basic on-premise file sharing services as their compliance management solution. But do these strategies hold up in today’s mostly virtual business environment?

These types of legacy compliance frameworks and systems are intended to extend across an organizations’ entire IT infrastructure. But as that infrastructure grows and becomes more distributed, and compliance regulations become more stringent, the demands on those systems can become overwhelming. Just look at NIST Special Publication 800-53. It comprises 2,000 individual security and privacy requirements. Each requirement corresponds to some aspect of your IT infrastructure that, if not met, could create a vulnerability for sensitive content. Any lapse would result in non-compliance, limiting your ability to conduct business and opening you up to substantial financial penalties. The same is true for most other regulations as well. The average HIPAA fine in 2018 was approximately $2.5 million, so the stakes are incredibly high when it comes to ensuring you have a compliance strategy that can scale.

The sudden shift to a predominantly remote work model has only highlighted the shortcomings of existing compliance strategies. In particular, it shows them to be antiquated, one dimensional, static and overly reliant on manual oversight. They don’t take into account the many challenges of modern enterprise content management, especially across newly instated workforces that are accessing company data from non-traditional work sites. Some company content is essentially stateless – because of remote collaboration and access, and continuous alterations to the data, content assets are rarely ever static and highly susceptible security and compliance risks if not managed properly. So, in order to effectively maintain compliance, you must monitor and evaluate your company data and content perpetually.

There simply aren’t enough IT personnel with enough visibility into content stored across all your cloud, on-premise and remote work environments to handle compliance manually. Every time a new API connection is made, a user is added (or removed) and every time a new file is stored, the burden grows exponentially. An increasingly distributed workforce adds additional complexity and risk to this process as well. To effectively manage these challenges, IT teams need help to understand which employees have access to files, when those files are accessed and modified, and how all of this impacts your compliance status.

 

The role of automation in modern compliance management

When your entire workforce is operating within the office, it’s much simpler to centralize governance to ensure security and compliance of those files. But since every remote worker has essentially set up his or her own unique company IT environment at home today, centralized, manual control has become untenable. Companies depend on critical files and content to make informed business decisions, meet customer needs and maintain operations. Overlooking unauthorized access or improper storage of those assets because you’re unable to properly manage the deluge of off-network activity can have disastrous consequences. Automation can help provide the advanced level of insight and analysis that today’s digital businesses need to maintain compliance at scale and across distributed workforces. It removes the need for IT admins to manually track compliance criteria and risks using frameworks or checklists, providing always-on, continuous monitoring across all company environments.

Automating compliance management is a more proactive, consistent and reliable approach that can help you and your IT and data governance teams gain deep visibility into how your content is being used, what aspects might be at risk and how it can be protected. For instance, automated compliance can help you better manage data storage timelines to adhere to contractual obligations and regulatory criteria (avoiding compliance risks and penalties that come with retaining sensitive data too long). It can also more efficiently track and alert you to potentially risky user access indicators, such as a remote employee accessing and exfiltrating files he shouldn’t be able to access. Streamlining these processes is particularly important as more employees than ever before are operating outside the traditional network perimeter, accessing and interacting with company data and files on endpoints in unfamiliar environments.

How does it work? Your must lay out rules that dictate acceptable content usage, collaboration and management practices that align with all compliance criteria required of your organization. You can then apply automation to establish a baseline of “normal” operations and compliant activity, and monitor that those policies are being upheld across every company repository and environment. Automated alerting for any deviations from this baseline will help you proactively mitigate risk. By aggregating all company files and content into a single source, you can leverage automation to more easily identify who is accessing and interacting which assets, how they’re being stored, etc., and can manage the resulting outcomes.

Content is the lifeblood of all digital businesses today, and any lapses in its management can result in costly security and compliance risks. Gone are the days when you could rely on a basic pass/fail report to identify and manage compliance gaps. The rise of remote work, digital transformation and worldwide focus on privacy and security has made adherence to compliance standards more complex and challenging than ever before. While the world is still trying to find its footing in the midst of the pandemic, expectations from compliance regulators haven’t faltered or softened in the least. The good news is that automation can dramatically streamline compliance management to help you more intelligently and efficiently minimize risk. Now is the time to reassess your compliance strategy to ensure it’s up to the task.

KEYWORDS: automation compliance COVID-19 crisis response data security risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Jeff sizemore

Jeff Sizemore, Vice President of Governance and Compliance at Egnyte, is responsible for the strategy and execution of the Egnyte Protect content governance solution. Jeff has an extensive background in data protection, specifically in encryption, key management, data loss prevention, and identity and access management. Jeff has helped define the market by contributing to several start-ups, including PGP (now part of Symantec), Ionic Security, and Port Authority (now ForcePoint DLP). 

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cyber Tactics Column
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

Laptop with coding on ground

Stepping Into the Light: Why CISOs Are Replacing Black-Box Security With Open-Source XDR

Gift cards and credit cards

Why Are Cyberattacks Targeting Retail? Experts Share Their Thoughts

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • data privacy

    Comply with the new data privacy regulations now

    See More
  • cybersecurity breach

    The election’s over, but threats to government and critical infrastructure don’t stop

    See More
  • Two people studying documents

    The future of data privacy and compliance (and how to stop it)

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing