Perimeter
7/25/2012
02:14 PM

We've Got Regulatory Fatigue

Many organizations are worn out by ever-changing laws and regulations

Thinking back to my college days and the grind to get through finals each term, I recall how I would typically get to a point where I'd think, "It doesn't matter what grade I get -- I just want this to be over." Of course, I did care about my grades. But I also occasionally experienced a genuine mental and physical fatigue. In the end, I would suck it up and push through the exhaustion each term, rest during the break, and repeat.

By successfully repeating enough of these cycles, I was awarded my degree. As much as I enjoyed school, I was honestly ready to move on to work and leave school behind when I graduated. I had academic fatigue. It was time to start the next phase of my life, beginning a career and learning new things in new ways.

As I work with our clients and talk with business peers about their clients, it has become clear that most organizations suffer from a similar kind of fatigue: regulatory fatigue. The ever-changing and constantly growing list of laws and regulations that may apply to an organization is not only a financial tax on the business. If not handled well, then it can be an emotional burden, too.

Think about it. What happens when we become mentally fatigued? Many things, including loss of focus, struggles to set appropriate priorities, and even apathy about what is required of us.

I've had clients with regulatory fatigue tell me flat out, "I know compliance is important, but at some point I can't spend any more time and money on compliance. I've got a business to run, and if the business fails, it won't matter whether we are compliant."

As a business owner, I get what they are saying, but I also think they miss a bigger point. What concerns me most when I hear this type of comment are the two common mistakes I believe this attitude reflects. The first is the mistaken belief that compliance tasks by definition are overwhelming -- a single massive project that takes over a business. The second mistake is when a leader mentally shuts down any consideration of practical options. With only two mistakes, a business leader can create an extremely dangerous situation for the organization.

I often say you should never argue with people who know they are right. It is pointless and wastes everyone's time. Fatigued business or technical leaders who have made these two classic mistakes about compliance don't want to hear any more about it. They're more than simply tired -- they are also tired of hearing about it. Getting the point across about both the importance and benefits of smart compliance can be difficult at best in these circumstances, and sometimes even impossible.

Despite the difficulty in breaking through this regulatory fatigue, it is important to stress that compliance does not have to beat down your operations to the point of mental or financial exhaustion. The key to avoiding regulatory fatigue is using a methodical, practical approach. Integrate compliance into your routine operations, rather than treating it as a heavy add-on. Focus on a culture of security and compliance, not an oppression of your team with rules and complex tasks. Use compliance efforts to improve your business in every area, not only one or two.

Despite my occasional intellectual fatigue years ago in school, I've embraced a personal philosophy of deliberately learning something every day. We can break through, or altogether avoid, fatigue and be better business people and better organizations when we do.

Glenn S. Phillips, the president of Forte' Incorporated, works with business leaders who want to leverage technology and understand the often hidden risks within. He is the author of the book Nerd-to-English, and you can find him on Twitter at @NerdToEnglish.

Glenn works with business leaders who want to leverage technology and understand the often hidden risks awaiting them. The Founder and Sr. Consultant of Forte' Incorporated, Glenn and his team work with business leaders to support growth, increase profits, and address ...

Comments
jputman381,
User Rank: Apprentice
7/31/2012 | 4:57:16 PM
re: We've Got Regulatory Fatigue
These "bullies" don't just sit around dreaming about "how can we make life miserable for business". They are generally reacting (after much prodding by the aggrieved!) to horrible holes and atrocious abuses that have made (and have the potential to make) MANY more people's lives miserable. If no one ever murdered (or planned to murder) anyone, then we wouldn't have "regulations" against murder. To be sure, some regulations can seem heavy handed or could be ill informed and poorly executed / drafted ... but perhaps no more so than the behaviors, decisions, and events that lead to the regulations being contemplated in the first place.

As for the "right to be left alone", would that not extend to everyone? Or is it only for the privileged few!? So that for instance, information about consumers would have to be purged (so it could never be leaked or stolen) based on their "right to be left alone".

But perhaps it is time to ban the EULAs that have so far shielded some products from the warranty obligations they should at least by now rightly assume (no one can any longer with a straight face honestly claim that software and data processing are too nascent as businesses to bear up under the warranty laws and liability exposure under which all other products exist!). In which case, sure - let's quash those EULAs and simultaneously dispense with most regulations - letting the legal gunslingers battle it out in the courts (without artificial liability and class action restrictions).
byoder911,
User Rank: Apprentice
7/27/2012 | 10:23:12 PM
re: We've Got Regulatory Fatigue
I agree that the avalanche of regulations is making people just give up on trying to comply with them all, and I agree that it is a big problem. What I don't agree with is that our only choice is to ignore the laws and hope that nobody notices (and usually nobody will...if you imagine that it is mind-numbingly difficult to comply with this complex web of laws for one company, imagine what it would be like to try to know whether any of millions of businesses out there is complying with all of them, it's an impossible task) or to obey meticulously.

The only way they can get away with all of this abuse is with our cooperation to police ourselves. Why exactly should we allow ourselves to be bullied by these idiots? Why not fight them instead? We can fight them by ignoring them to some degree, but we can fight them by political means too, by for example hiring lobbyists and conducting public educational campaigns about how damaging these things are, and we can fight them by denouncing them as what they are...violations of our right to be left alone when we aren't hurting anybody. If we don't stand up for our rights who will?