The New Compliance and Risk Issues on the Block

While the buzz and headlines continue around the technology-induced compliance issues brought to light in the past decade, a new set of less public concerns have appeared on the horizon. Although there are a lot of grey areas surrounding the “official” rules for the issues below, they are already demanding the attention of IT, Human Resources and Regulatory departments. It’s good practice to be aware of these issues and the implications they may have for your enterprise.

Electronic Discoverability

Discoverability is a legal term that is defined as “the compulsory disclosure of pertinent facts or documents to the opposing party in a civil action, usually before a trial begins. Each party is required to cooperate with the other to the extent required by the relevant rules of civil procedure.” Electronic Discovery relates to effectively storing and managing electronic data so it’s searchable and easily extracted upon request if such an occurrence were to happen. Examples of these types of data include e-mail, instant messaging chats, memorandums, Web sites, voicemails and any other electronically stored information that could be relevant evidence in a law suit. Rapidly growing volumes of electronically stored information (ESI) are creating new burdens on preservation obligations for litigation and compliance. To make matters more complex, these regulations are often industry specific and currently subject to pending legislation which seeks to further define the timeframes associated with electronic message and voicemail storage intervals.  This uncertainty has led to a “wait and see” approach in most enterprises.  

Cloud Synchronization

I was the recent “victim” of cloud synchronization attack, and I didn’t even see it coming. It all started when I signed up for my Google+ account. As a social media enthusiast, I was excited to take it out for a spin and identify potential business uses. What I didn’t expect was for every picture I’ve ever posted to any Google account (personal and business) to automatically synch to my relatively unsecured Android-based Smartphone. Thinking about the possible implications this could have on an enterprise in a regulated industry startles me for obvious reasons.

Social Media Compliance (SMC)

As I mentioned in a previous post, there’s no stopping the social media revolution. The fact that this particular issue already has its own acronym is indicative of the size and scope of the problem. The use of social media in the enterprise, including businesses in regulated industries is on the rise. Communications between employees and their clients or prospects that mention your company must be managed and archived to ensure and maintain compliance. Although clear guidelines have yet to be established for SMC, it will take a combination of policies, procedures and technologies to help rein in your social media interactions.

Enterprise Mobility Consumerization

In a Gartner study, “Consumerization is Affected Enterprise Mobility Strategies” Gartner surveyed enterprise sized clients to illustrate the challenges organizations face in areas such as mobile devise procurement, management and security.

Key findings of the study include:

  • By 2012, respondents expected to support an average of 3.3 smartphone or tablet platforms (where a "platform" is defined as an OS such as Symbian, iOS or Android).
  • By 2012, respondents expected that, on average, 20% of mobile devices used for business purposes would be owned by employees.
  • A little over 50% of the respondents were planning to move to thinner client architectures to make it easier to support a wider range of endpoint devices.
  • Respondents were asked whether they believed that their current smartphone and tablet security strategies would satisfy an auditor. Just over 18% said it would, just over 45% said it wouldn't and the remaining was unsure.

 It’s clear that in any regulated industry, those percentages don’t add up to equal compliancy.

While technology innovations are increasing at an exponential rate, the potential problems that are created as a result are right behind them. Luckily, security vendors will likely keep up with creating solutions for compliance and risk issues that technology creates.

 

References: Findings: Consumerization Is Affecting Enterprise Mobility Strategies. Gartner. Gartner.com