Highlights:
- According to a Telos-commissioned 2020 study, the average firm must comply with 13 separate IT security compliance and privacy standards, a task that requires an average of 22 individuals and 58 working days per quarter.
- According to the Telos report, 86% of respondents say compliance is or will be an issue when migrating systems, applications, and infrastructures to the cloud.
IBM Corp and corporate security specialist Telos Corp have joined hands to help businesses cope with the unstoppable expansion of new laws.
The two businesses are establishing Active Governance Services, a collection of information technologies and best practices that have been designed to help enterprises operationalize and automate cybersecurity compliance and regulatory risk.
There is no doubt that there is a dire need. According to a Telos-commissioned 2020 study, the average firm must comply with 13 separate IT security compliance and privacy standards, a task that requires an average of 22 individuals and 58 working days per quarter. These include regulations such as the National Institute of Standards and Technology, the Payment Card Industry Data Security Standard, and the General Data Protection Regulation of the European Union.
Hugh Barrett, Vice President of technical solutions at Telos, said, “Once upon a time, compliance might have been just NIST.” He added, “Now it’s NIST, PCIDSS, privacy, and maybe GDPR. We can eliminate the audit fatigue and automate some of the control stacks. We automate the generation of control validation that has to be done and tailor it based on the target of the audit.”
Maintaining compliance during cloud migration has introduced a new wrinkle. According to the Telos report, 86% of respondents say compliance is or will be an issue when migrating systems, applications, and infrastructures to the cloud.
Barrett said, “A lot of organizations don’t understand the cloud shared-responsibility model.” Telos has tools that help apply shared security principles across multiple cloud platforms. “You get a better understanding of what controls you inherit, what you’re responsible for, and what is shared responsibility,” Barrett said. “We can also give you best practices or recommended controls to handle common questions about what controls you need to apply.”
According to Telos, its Xacta IT Risk Management software automates compliance and audit operations such as control selection, validation, reporting, and monitoring. Currently, many businesses handle such activities manually.
Evelyn Anderson, an IBM Distinguished Engineer, said, “Companies collect data for audit and compliance from different vendors and in different formats — both structured and unstructured — and normally it put it into a spreadsheet for manual reporting.” She added, “With this tool, instead of manually generating reports, they use application program interfaces that ingest data from the different vendors, or they can create custom APIs to automate things that are today manually intensive.”
Telos’ software and services will be made available through IBM’s Security Services operation, including strategic planning, timely compliance reporting, proactive monitoring, and automation to provide a more orderly approach to IT risk management and compliance. According to the company, it can save the time required to comply with regulatory demands by 90% and the time required to prepare regulatory documents by up to 70%.
Telos’ roots are in government contracting, and the company is strongest there, but it wants to grow. Barrett said, “With IBM, we can move beyond that government sphere.” He also added, “We know governments worldwide, but we don’t know commercial and other verticals as well. IBM brings us those skills.”