How to Appease the Gods of Compliance Without a Human Sacrifice

Halloween is here, and while trick or treating may be cancelled because of the ongoing pandemic, the basics of the celebration remain the same: pumpkins, costumes, kids amped up on sugar. That said, the origins of Halloween are rooted in Samhain, an ancient Celtic festival marking the end of the harvest season. Festival goers would slaughter animals and throw them into bonfires in an attempt to appease the dead. And in more extreme cases throughout history, human sacrifices were sometimes made to placate the demanding gods of the un-dead.

But fortunately for us all, modern Halloween parties are a bit more tame, and most organizations don’t require human sacrifices to satisfy auditors and regulators. For the past few weeks, we have been celebrating Halloween and National Cybersecurity Awareness Month (NCSAM) with discussions of how to unite AppSec and DevOps for the good of software and how to stay above ground with the help of automation and orchestration. And now the scares continue as we sort out the question of whether security and compliance can peacefully coexist, since successfully appeasing the gods of compliance can be viewed as an annoyance at worst and a checked box at best.

There is such a thing as too much of a good thing

This kind of thinking is not unfounded. Regulations are around to keep organizations in check—and this is a good thing. But the sheer volume of government regulations on businesses can sometimes feel like a bad thing. Unfortunately, this is not an issue you can ignore, with costs for non-compliance ranging from $14 to $40 million[1] just for data protection regulations alone. Organizations also have their own internal guidelines that need to be satisfied.

Compounding the problem is the fact that different units within the same company are driven by different priorities. They do not share the same unified vision. While compliance teams are responsible for meeting this mountain of regulations to protect the organization against crippling fines, development teams are racing to speed up software delivery and maintain a competitive advantage.

When you view compliance monitors as vengeful gods, of course appeasing them may sometimes feel like an unnecessary and even unfair process, a burden. But when you realize everyone is on the same team, united together to achieve software excellence, regulations around compliance start to feel more manageable—and attainable.

Coexist with ZeroNorth

Achieving compliance is not easy. It requires a holistic view and in-depth analysis of all application security vulnerabilities that could impact compliance, as well as an easy and efficient way to remediate issues early in the SDLC, without impacting speed. The ZeroNorth application security automation and orchestration platform helps organizations define, manage and report against corporate and compliance requirements. It also enables organizations to streamline the risk mitigation processes for compliance-related vulnerabilities and measure progress against SLAs.

With a holistic view of risk across the entire application portfolio and throughout the software development life cycle, organizations can pinpoint key gaps, identify needed security enhancements and prepare for application security-related internal governance and regulatory compliance requirements.

An Offering for ALL the Gods

By providing a complete picture of risk, ZeroNorth gives corporate and product security teams the tools they need to demonstrate compliance. More importantly, though, they are also empowered to be innovation advocates, and can show their business leaders how robust security programs help identify patterns and trends and can lead to other, increased business possibilities. Embracing regulatory compliance may not be fun, but it does help push us towards the vision of shared security responsibility.

[1] True Cost of Compliance with Data Protection Regulations

*** This is a Security Bloggers Network syndicated blog from Blog | ZeroNorth authored by ZeroNorth. Read the original post at: