Monday, January 31, 2011

The ROI of Security Compliance

Study Finds Compliance Cuts Costs, Improves Operations
January 31, 2011 - Tracy Kitten, Managing Editor

Tripwire's Shenoy says security compliance improves the bottom line.

A review of security practices and investments at 46 global companies across the financial, retail, healthcare and government spaces finds that compliance with industry security standards actually saves money over the long term. Sponsored by Tripwire and conducted by the Ponemon Institute, the new study reviewed security investments made over a 12-month period. The findings have been published in a new report, "The True Cost of Compliance," released today by security and compliance automation solutions provider Tripwire.

While compliance with the Payment Card Industry Data Security Standard was the most often reviewed for the study, since PCI-DSS impacts any entity that accepts payment cards, the study also looks at other guidelines and standards, such as HIPAA and Sarbanes-Oxley.

What the study finds, says Rekha Shenoy, vice president of strategy for Tripwire, is that across the board, regardless of industry or standard, companies that consistently comply with security requirements and standards save three times more in security-related expenses annually than companies that are categorized as non-compliant.

"There were not many differences among industries. They are all spending money for compliance, but they are not all getting secure," Shenoy says. "It was the ones that invested in security practices that were reaping the benefits -- those that focused on securing the business, rather than focusing on compliance alone."

Focus on security, and compliance will follow. "When you automate compliance and you are always in a compliant state," Shenoy says, "you are always secure and you are doing 'good' for the business."

During this interview, Shenoy discusses:


• How internal audits improve consistent security compliance;
• The fluid nature of security compliance;
• How investments made by financial institutions are proving the benefits of automated compliance audits to other industries and agencies.

Shenoy is Tripwire's vice president of strategy. Shenoy joined Tripwire in April 2007. Before Tripwire, Rekha held positions in corporate development, product management and marketing for performance management solutions, database tools and mainframe solutions, and in market research at BMC Software Inc. in Houston, where she drove strategic decisions around new technologies. She also worked at Questia Media Inc. and Compaq Computer Corp. Shenoy holds a master's degree in business administration, with a focus on marketing and finance, from Rice University. She holds a bachelor's degree in computer science and engineering from the University Visvesvaraya College of Engineering in Bangalore, India.
