Compliance and security projects

Information compliance and information security are often considered pure overhead and a distraction to the business. Regulatory compliance and data privacy projects are often designed to meet minimum requirements at a minimal cost. Some organizations, however, see compliance and security projects as an opportunity to improve business processes and lower operating expenses. Auditors spend far less time evaluating automated processes than manual ones. Compliance projects find ways to minimize auditing and legal expenses, often using automated workflows and other forms of process automation. Automated processes tend to be faster, more reliable, and less error-prone. Think of how cash registers simplified cash management, for example.

IBM client example: A bank in the US was unable to comply with legal discovery orders in a timely manner because many of the requested records were stored on paper in warehouses. The bank realized they could reduce labor, storage and transportation costs by implementing a new imaging system. The new system paid for itself in less than a year through decreased operating expenses. Of course, the new imaging system also sped up legal discovery significantly, which was the original objective.

Security projects designed to improve and audit data privacy can also deter theft of other information assets. Since more than half of data theft is from internal sources, companies are smart to apply enhanced information security practices to all valuable data, not just personally identifiable information.

IBM client example: A financial services company decided to encrypt all tapes leaving their data center to protect customer privacy. 100% encryption simplifies operations. They don't have to track which data was on which tapes. They don't have to worry about sensitive data being copied to other systems, then backed up to non-encrypted tape. If media is lost or stolen, several states offer "safe harbor" immunity for companies that can prove the lost data was encrypted.

The cost and number of security breaches continue to increase. Organizations must weigh the total cost of security breaches against the cost of improving security. No organization is immune. A recent loss at a European military installation illustrates the point. Some non-encrypted disks went missing from a secure data center on a secure military base, arguably a site more secure than the typical data center. Inadequate disclosure policies were in place, causing the organization to report only part of the data loss two weeks later. Elected officials were not informed. Within 6 months, newspapers reported a scandal, accusing the organization of a cover-up and suggesting the leaders were incompetent. Yes, your data can be stolen. Yes, the total cost of a security breach can be extremely high.

Source: IBM


Dynamic Infrastructure is published by IBM. Editorial supplied by IBM is independent of Gartner analysis. All Gartner research is © 2009 by Gartner, Inc. and/or its Affiliates. All rights reserved. All Gartner materials are used with Gartner's permission and in no way does the use or publication of Gartner research indicate Gartner's endorsement of IBM's products and/or strategies. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice.