Feature
Compliance is no longer a monthly, or even weekly, task -- it’s something that needs constant evaluation and adjustment. Sources change and applicability of control over data should be under consistent review -- that’s the age of continuous compliance we live in today. One requirement of continuous compliance is ongoing, effective and intelligent communication. There are some ways to help improve communication and ensure your compliance and security teams get the best, most relevant and timely information to keep you secure and compliant -- and remain that way.
Connect the Dots in Data Usage
Traditional lines of administration and control are still the norm at larger, more established organizations -- and that’s OK. Lines of administration and control were drawn long ago, and processes held that administrators maintained control over their areas of expertise.
What we have to recognize is that information held within these silos can be valuable to other areas of the organization, and by preventing an exchange of intelligence, we can hinder security and compliance. It’s easy enough to describe and recognize -- but doing something about it can challenge both political and other boundaries.
One way that can help you overcome some of these limitations is to make sure the groups that traditionally don’t share information (Security, HR, IT Operations, etc.) define their roles for the organization and give examples of what they do with data. Look for data similarities or lines that cross -- and ensure that all of the other parts of the organization understand your goals and purposes for gathering data.
Normalize Event Data
Another step that can really improve the situation is to normalize your event data. In today’s line-of-business apps, cloud solutions, internal tools and management frameworks, data that should be similar -- or the same -- can look very different depending on how developers choose to expose the data to end users (usually in the form of logs or events).
Learning Opportunities
Webinar
Jun
13
The Future of Contact Centers with AI at the Helm
Learn how to balance human intuition and interaction with the potential uses of AI to create delightful and lasting CX
Webinar
Jun
13
Learn How to Deliver Dynamic Video Experiences at Scale
Learn how to convert existing assets into video experiences in near real-time.
Webinar
Jun
20
3 Steps to Unlock Your Customer Data and Drive Revenue
Discover how Twilio Segment’s #1 Customer Data Platform helps implement data-driven strategies.
Webinar
Jun
21
Retail Reinvented: A Masterclass in Creating Digital Experiences That Click
Hear how online retailers architect their digital experience infrastructure for peak traffic and demand
Webinar
Jun
21
The Feedback Loop: Accelerating Personalization for Exemplary Customer Experiences
Are you ready to harness the power of feedback in your personalization strategy?
Webinar
Jun
22
How to Succeed in Today's Engagement Economy
Doing true personalization at scale with marketing automation
Webinar
Jun
13
The Future of Contact Centers with AI at the Helm
Learn how to balance human intuition and interaction with the potential uses of AI to create delightful and lasting CX
Webinar
Jun
13
Learn How to Deliver Dynamic Video Experiences at Scale
Learn how to convert existing assets into video experiences in near real-time.
It often takes some application expertise to translate events into something meaningful before the data can be determined to be useful or not. Look for applications that can normalize the data for you -- that don’t need application expertise to understand what the application developers are trying to tell you.
Sharing Data Securely
Finally, you also can look for opportunities to share data without providing access to the collecting application or infrastructure, and without providing knowledge about how it was collected. An example of where this can be really helpful would be where account information is shared with the helpdesk and security. Account creation and provisioning, permission changes, failed login attempts, account lockout, etc. are all really useful for these teams in their efforts to assist end users or investigate security holes or data breaches. Look for ways to securely, simply and easily share live event data with teams that can make the most use of the data, allowing them to group, sort and filter to best serve their needs and the needs of their clients.
It doesn't have to stop with the helpdesk and security -- internal auditors, IT management and others can make good use of the data, as well. A word of caution, though, particularly when it comes to external parties (like external auditors), you should always avoid “over sharing.” By providing more data than auditors specifically ask for it allows them to dig deeper on unrelated data, and spend more time investigating and looking for data breaches or misuse. It may sound obvious, but be judicious about how much you share with those outside your organization, and you can save yourself a lot of headaches in the future.
So, remember, the data you collect (and I’m mainly referring to governance, risk and compliance data here) can have value beyond its primary purpose -- when it’s normalized and shared with an audience that knows what to do with it. It can make you more secure, and assist in the normal day-to-day flow of business in the organization. We just have to share appropriately, understand who can use the data and for what purpose.
