Compliance Does Not Equal Security

In cybersecurity, there is a common misconception that compliance equals security. This could not be further from the truth. Compliance simply means that you were "secure" at one point in time. It is important to understand that standards are always changing, and what may have been considered secure in the past may not be up to par today. In order to truly have a secure system, you need controls that are constantly updated and adapt with changes in technology.

What Does it Mean to be Compliant?

In order to be compliant, you must adhere to standards set forth by various organizations. For example, ISO 27001 is a standard for information security management systems. It was first published in 2005 and updated in 2013. Even that revision is no longer current, because the standard was last updated in February of 2022. When you state that your system is compliant, you are essentially saying that it meets the requirements of a standard that is over 8 months out of date.

Additionally, compliance does not take into account the specific needs of your organization. Rather, it is a one-size-fits-all approach that simply checks a box for auditors. This can often lead to issues down the road, as your system may not be as secure as you thought.

Why You Need More than Compliance?

In order to have a truly secure system, you need more than just compliance. You need controls that are constantly updated and align with current defensive techniques. Additionally, technologies must be implemented that will adapt with changes over time. Finally, defensive mechanisms must be put into place that protect the identities of those using the system. Simply being compliant does not guarantee any of these things.

Conclusion

It is important to understand the difference between compliance and security before making decisions about your organization's cybersecurity posture. Compliance simply means that you were once secure, but it says nothing about your current level of security. In order to have a truly secure system, you need more than just compliance. You need controls that are constantly updated and align with current defensive techniques. Additionally, technologies must be implemented that will adapt with changes over time. Finally, defensive mechanisms must be put into place that protect the identities of those using the system. Simply being compliant does not guarantee any of these things.

CrucialLogics #microsoftsecurity #consultingwithaconscience

Sachin Y.

Infra Managed Service Sr Analyst

2 years

Indeed, compliance is setting up the environment as per standards; however, security is a much bigger aspect, which involves continuous efforts towards making the environment more secure and implementing the new solutions provided by the cloud provider to overcome the new types of security concerns in today's virtual world.

More articles by Amol Joshi