Manage risk without breaking the bank

A trusted partner can help you navigate through your data protection and compliance needs


By Beverly Crisler, Technical Delivery Director

A quick scan of the headlines makes it easy to see why data protection and regulatory compliance are growing concerns for many companies. The average cost of a data breach is more than $6 million, according to the Ponemon Institute. This, combined with the resulting reputational damage, is enough to cripple many organizations – or put them out of business.

At the same time, securing data and maintaining regulatory compliance have become increasingly complex, with organizations facing hundreds of security and privacy-related standards, regulations and laws. While data breaches and network hacks are at an all-time high, regulations are becoming more specific and increasingly strict. To make matters worse, many C-level executives and IT administrators lack the expertise to navigate the maze of government and industry regulations.

How can you best tackle your compliance needs without breaking the bank - or overloading your IT department?

Understand your assets

To meet the security and privacy requirements of most regulations, it's important to first determine which assets you need to protect, and then determine who, both inside and outside of your organization, touches those assets. For example, before you can comply with HIPAA regulations for handling protected health information, you need to identify the types of information you capture, handle or own, and just as important, where that data resides. Then you can start thinking about how to isolate and segment that data to protect it. It is helpful to create an application roadmap to see exactly how that data flows and which applications, both internal and third-party, touch sensitive data.

In the same way, if you are processing cardholder data, you need to ensure that you are meeting the requirements of PCI DSS. Once you inventory your IT assets for payment card processing, you can analyze them for vulnerabilities that could expose cardholder data. For more insight into this subject, our Data Protection 101 white paper provides further guidance about protecting data security and integrity.

Find the gaps

Remember when you were a child and your parents took you to the doctor for a shot? Getting that shot was less painful if you didn't look, right? In the past, companies often took this approach with gaps in data security. It's the old adage: What you don't know won't hurt you.

This is no longer an option. Today, companies of all sizes are investing in third-party audits to gain a clear understanding of the vulnerabilities within their IT environment. Auditors can help you see where breaches can take place. Once the audit is complete, talk to your team about its outcomes and create a strategy to fill the gaps.

Choose the right partner

Turning to a reliable IT infrastructure partner for cloud and/or data center services - with the processes, technology and expertise to address regulatory requirements - can help minimize the complexities of compliance. For many organizations, working with a partner is the most cost-effective option. This partner can alleviate some of the burden on your IT department, freeing them to devote their resources to more strategic endeavors. It can also cut down on configuration and deployment errors, mitigate risk and deliver a near-immediate return on investment. This guide to selecting the right colocation provider will help you identify exactly what you can expect that partner to do for you.

The compliance landscape isn't getting any easier to navigate or any less expensive. With the right partner, you can survive in this environment without breaking the bank — or going it alone.

Beverly Crisler

Director of service delivery

Beverly is the technical delivery director for Flexential operations in Atlanta, where she focuses on the consistent and timely execution of service delivery for the Atlanta customer base. She is responsible for ensuring that processes and procedures are followed by market-level engineering resources to deliver contracted Flexential services. Previously, Beverly held positions in infrastructure and service delivery at a variety of healthcare organizations.