Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Register for CSA’s free Virtual Cloud Trust Summit to tackle enterprise challenges in cloud assurance.

Enabling Secure Collaboration and Compliance by Mitigating Increasing Information Risks (Part 2 of 2)

Home
Industry Insights
Enabling Secure Collaboration and Compliance by Mitigating Increasing Information Risks (Part 2 of 2)

Blog Article Published: 09/25/2014

By Robert F. Brammer, Ph.D., Chief Strategy Officer at Brainloop, Inc.

In my previous post, I addressed three major trends that play an immense role in cybersecurity initiatives. These trends include the growth of digital business, information risks, and regulatory requirements. In this post, I’ll focus on issues related to collaboration and compliance. Since executives and Boards must address these issues, what are some key factors to include in the business policies, processes, and systems?

First, ensure that your strategy and policies are clear with respect to collaboration and compliance. These statements should address those areas requiring external and internal collaboration and the regulatory environment in which you operate. They should also address those information risks that are most significant for the organization. Since all of these topics evolve rapidly, you should conduct regular executive and Board-level reviews of these plans and policies.

Second, ensure that you have the appropriate staff, organization, and business processes to implement the above plans and policies. Management and staff development for these issues is vital and particularly challenging since the environment is so dynamic. A recent survey by Gartner summarizes these issues well. However, this organizational development will be essential to realize the 80% new business models in the next five years described in the above Accenture survey. Many organizations are developing enterprise-wide governance, risk management, and compliance (GRC) programs. GRC programs include governance (the processes by which executives and boards manage the enterprise), risk management (the processes by which management addresses risks to the enterprise), and compliance (the processes with which the enterprise complies with applicable laws and regulations). As enterprises become increasingly information-intensive, the protection of information assets is becoming more important in all three primary aspects of GRC programs.

Finally, enterprise systems must perform a broad range of business-critical functions, including the implementation of the above policies and business processes necessary to enable digital business agility, to protect sensitive corporate information, and to enable regulatory compliance. The challenge for CIOs is to design and operate these systems balancing requirements for functionality, performance, and costs while providing necessary security and compliance with corporate policies and regulatory requirements. End users will focus on functionality and performance, the CFO will focus on the costs, while the GRC program must ensure proper security and compliance. There is a growing market for systems to implement the policies and procedures of a GRC program, but the definitions of policies and procedures must precede selecting a GRC platform.

It is clear that we will continue to see the growth on importance in secure collaboration and regulatory compliance in the development of digital business. The ancient curse, “May you live in interesting times” certainly applies to today’s business environment.

About the Author

Dr. Robert F. Brammer is the Chief Strategy Officer, Americas for Brainloop, Inc., a leading provider of SaaS solutions for secure collaboration and regulatory compliance. He also serves as the President and CEO for Brammer Technology, LLC and recently retired as vice president and chief technology officer for Northrop Grumman's Information Systems Sector.

Share this content on your favorite social network today!

Latest from CSA
Join AT&T Cybersecurity in Chicago
The State of AI and Security Survey Report
CSA's STAR: The Key to Cloud Security & Compliance
Trending This Week
#1 The 5 SOC 2 Trust Services Criteria Explained
#2 What You Need to Know About the Daixin Team Ransomware Group
#3 Mitigating Security Risks in Retrieval Augmented Generation (RAG) LLM Applications
#4 Cybersecurity 101: 10 Types of Cyber Attacks to Know
#5 Detecting and Mitigating NTLM Relay Attacks Targeting Microsoft Domain Controllers
Enhance your cloud security skills with CSA's online training options.