How should technology leaders approach compliance when faced with a lack of interoperability?

654 views, 2 comments
VP, Customer and Technical Operations in Software, 4 years ago

Depending on the industry, sometimes you just have to accept the fact that things will all be non-standard and then focus on the things that you can standardize. I’m at a mobile gaming company that’s made up of multiple studios. The studios have their own games, each of which has different tech stacks as the tech landscape moves too fast to keep standards very long. We try to standardize the things that we can, knowing that we'll never go back and standardize the legacy infrastructure.

Executive Coach / Global Chief Information Officer & CISO in Education, 4 years ago

What we're rolling out now is what I'm calling C-Cubed—consolidated continuous compliance—which is now trademarked. It’s consolidated because I've got two different ecosystems running, and continuous because we'll put in the systems that ingest DevSecOps and can attest to where the sources sample while linking all of the policies and documentation so that they have the right owners. We're going through the reviews and all of the checkpoints. TISAX, ISO, NIST, CIS, and CMCC all need to be pulled into this one system and figure out gaps by cross-walking through the frameworks. The code base and the approach that we take over the next year and all of these efforts need to align. That way we can have enough information to know what we need to scale where we've merged the code bases, data, and everything else.

Part of this compliance effort is also educating to create that maturity level as to why we need this. Being a former developer, system admin, DBA, etc., I remember always looking across the fence at compliance, legal, and InfoSec, thinking they were all slowing me down. I’d be thinking, “Why do I need to do this?” But you grow up and realize that you need to do these things because there are financial repercussions.

