Perimeter

5/1/2012
03:16 PM
50%
50%

What Works For One Does Not Work For Two

To remain compliant, your approach must grow in scale with your business

My wife, Doris, is the founder and president of a company in the real-estate industry. I once heard her explaining how systems and processes must be rebuilt for each new scale of a business. "What works for one does not work for two. What works for two does not work for three," she said.

What a great concept. Whether you are adding more staff, more locations, more servers, or more processes, we must realize that doing the same things harder or smarter is rarely enough. We must accept that the scale of the business has changed, requiring that all associated tasks and systems maintain the same scale.

For instance, if you add an additional location to your organization, new processes are likely required. Computers may require new secure remote access to off-site servers, technical support may not be "just down the hall" for these users, and the staff responsible for compliance and security may not be in the same building as before.

Sometimes the biggest challenge is realizing the scale has changed. Perhaps a department grew from two employees to 15 in only a few months. How these employees work together and coordinate their tasks likely transitioned with each hire. With the transition, did the documentation of their work processes change, too? Did security measures change? Were managers or leads introduced into the process?

The more people, locations, data, and public exposure an organization adds, the more risk it creates and assumes. In time, properly managing this risk requires new systems and new processes. This includes new compliance-related systems and processes. How an organization monitors and addresses issues is never a completed task but an ongoing process of business culture and behavior.

In our office and for our client projects, we frequently contend that the fastest way to do something is to do it right. This mantra works great for organizations that are growing and need to remain (or become) compliant. Build in the new processes needed for proper and practical compliance as growth occurs. This makes the growth more solid and removes the need to come back after an audit and redo hastily built processes and procedures.

In the long run, thoughtful scaling not only saves the organization time, but also significant revenue. It also reduces the temptation to build ill-fitted extra steps to meet compliance requirements and helps prevent situations where dangerous cover-ups can seem like reasonable solutions.

Business growth is exciting, and those responsible for maintaining compliance don't have to be the party-poopers. Growth is an opportunity to help your organization build solid processes, procedures, and culture. Treat it that way.

Glenn S. Phillips, the president of Forte' Incorporated, works with business leaders who want to leverage technology and understand risks within. He is the author of the book Nerd-to-English and you can find him on Twitter at @NerdToEnglish.

Glenn works with business leaders who want to leverage technology and understand the often hidden risks awaiting them. The Founder and Sr. Consultant of Forte' Incorporated, Glenn and his team work with business leaders to support growth, increase profits, and address ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Mozilla, Internet Society and Others Pressure Retailers to Demand Secure IoT Products
Curtis Franklin Jr., Senior Editor at Dark Reading,  2/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8903
PUBLISHED: 2019-02-18
index.js in Total.js Platform before 3.2.3 allows path traversal.
CVE-2019-6453
PUBLISHED: 2019-02-18
mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling (Chrome is not exploitable).
CVE-2019-8372
PUBLISHED: 2019-02-18
The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link an...
CVE-2019-8902
PUBLISHED: 2019-02-18
An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI.
CVE-2019-8423
PUBLISHED: 2019-02-18
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.