Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

5/1/2012
03:16 PM
50%
50%

What Works For One Does Not Work For Two

To remain compliant, your approach must grow in scale with your business

My wife, Doris, is the founder and president of a company in the real-estate industry. I once heard her explaining how systems and processes must be rebuilt for each new scale of a business. "What works for one does not work for two. What works for two does not work for three," she said.

What a great concept. Whether you are adding more staff, more locations, more servers, or more processes, we must realize that doing the same things harder or smarter is rarely enough. We must accept that the scale of the business has changed, requiring that all associated tasks and systems maintain the same scale.

For instance, if you add an additional location to your organization, new processes are likely required. Computers may require new secure remote access to off-site servers, technical support may not be "just down the hall" for these users, and the staff responsible for compliance and security may not be in the same building as before.

Sometimes the biggest challenge is realizing the scale has changed. Perhaps a department grew from two employees to 15 in only a few months. How these employees work together and coordinate their tasks likely transitioned with each hire. With the transition, did the documentation of their work processes change, too? Did security measures change? Were managers or leads introduced into the process?

The more people, locations, data, and public exposure an organization adds, the more risk it creates and assumes. In time, properly managing this risk requires new systems and new processes. This includes new compliance-related systems and processes. How an organization monitors and addresses issues is never a completed task but an ongoing process of business culture and behavior.

In our office and for our client projects, we frequently contend that the fastest way to do something is to do it right. This mantra works great for organizations that are growing and need to remain (or become) compliant. Build in the new processes needed for proper and practical compliance as growth occurs. This makes the growth more solid and removes the need to come back after an audit and redo hastily built processes and procedures.

In the long run, thoughtful scaling not only saves the organization time, but also significant revenue. It also reduces the temptation to build ill-fitted extra steps to meet compliance requirements and helps prevent situations where dangerous cover-ups can seem like reasonable solutions.

Business growth is exciting, and those responsible for maintaining compliance don't have to be the party-poopers. Growth is an opportunity to help your organization build solid processes, procedures, and culture. Treat it that way.

Glenn S. Phillips, the president of Forte' Incorporated, works with business leaders who want to leverage technology and understand risks within. He is the author of the book Nerd-to-English and you can find him on Twitter at @NerdToEnglish.

Glenn works with business leaders who want to leverage technology and understand the often hidden risks awaiting them. The Founder and Sr. Consultant of Forte' Incorporated, Glenn and his team work with business leaders to support growth, increase profits, and address ... View Full Bio

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/27/2020
The Problem with Artificial Intelligence in Security
Dr. Leila Powell, Lead Security Data Scientist, Panaseer,  5/26/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11059
PUBLISHED: 2020-05-27
In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1.
CVE-2020-10936
PUBLISHED: 2020-05-27
Sympa before 6.2.56 allows privilege escalation.
CVE-2020-6774
PUBLISHED: 2020-05-27
Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system.
CVE-2020-13633
PUBLISHED: 2020-05-27
Fork before 5.8.3 allows XSS via navigation_title or title.
CVE-2020-10945
PUBLISHED: 2020-05-27
Centreon before 19.10.7 exposes Session IDs in server responses.