Businesses are Failing at Security and Compliance

There’s a growing gulf between what organizations throw into IT security and compliance, and the results they get. According to the SANS Institute, organizations with 500 or more employees are projected to spend 7-9% of their annual budget on security and compliance, with smaller organizations spending 6-7%. And spending continues to increase — by 2020, the global cyber security market is projected to reach $170 billion.

 
And yet companies are still failing at security and regulatory compliance. According to the Association of Certified Fraud Examiners, fraud costs organizations an average of 5% of annual revenue, and a single incident costs $150,000 on average. But compliance penalties are often much more costly. A recent SEC enforcement action cost a broker-dealer $1 million for violations of the GLBA Safeguards Rule, and HIPAA compliance penalties often run into the millions. And that doesn’t count secondary costs like lost business, lawsuits, bad publicity and professional censure.

 

Companies Don’t Have the Resources to Handle Security and Compliance Alone

The complexity of modern security and compliance requirements places huge burdens on internal IT and regulators. But while companies have used IT managed services to cope with increasing complexity and cost in areas like hosting and administration, many still depend on overtaxed teams and archaic techniques where security and compliance are concerned.

 

Instead of having computers audit access logs in real time, they have staff spend hundreds of hours poring through documents. Rather than outsourcing monitoring and incident response to 24/7 specialist teams, they assign it to a 9-to-5 hire who won’t be there for an off-hours incident. And, when they can’t implement an adequate change control system, they resign themselves to always playing catch-up with impatient auditors.

 

Security and Compliance as a Service is the Only Rational Approach

It’s time for all of this to end — you didn’t get into business to fight with auditors and giant stacks of paperwork. And with Symmetry’s Security Complete PlusGRC, you won’t have to anymore. Symmetry’s new security and compliance as a service offering completely manages SAP security and Access Control across your landscape. Using ControlPanelGRC®, our award-winning compliance software suite, we can automate compliance tasks like:

 

 

The software is backed up by 24×7 security and compliance monitoring and incident response, strategic what-if planning and risk mitigation, and around-the-clock access to expert consultants, who know your system inside and out.

 

Contact us to learn how Symmetry can help you put the risk, cost and frustration of security and compliance behind you.

 

About Scott Goolik - VP, Compliance and Security Services

Scott Goolik is VP of Compliance and Security Services at Symmetry. A recognized expert in the field of SAP security and compliance, Scott has over 20 years of expertise in SAP security and is a regular presenter at SAP industry tradeshows and ASUG events. His experience includes working for one of the Big Four accounting firms and developing auditing tools, including those for segregation of duties (SOD). Scott is also responsible for architecting the ControlPanelGRC® solution, which provides audit automation and acceleration of security and control processes.