It’s now been 17 years since the passage of the Sarbanes-Oxley Act (SOX), which was…
Businesses are Failing at Security and Compliance
There’s a growing gulf between what organizations throw into IT security and compliance, and the results they get. According to the SANS Institute, organizations with 500 or more employees are projected to spend 7-9% of their annual budget on security and compliance, with smaller organizations spending 6-7%. And spending continues to increase — by 2020, the global cyber security market is projected to reach $170 billion.
And yet companies are still failing at security and regulatory compliance. According to the Association of Certified Fraud Examiners, fraud costs organizations an average of 5% of annual revenue, and a single incident costs $150,000 on average. But compliance penalties are often much more costly. A recent SEC enforcement action cost a broker-dealer $1 million for violations of the GLBA Safeguards Rule, and HIPAA compliance penalties often run into the millions. And that doesn’t count secondary costs like lost business, lawsuits, bad publicity and professional censure.
Companies Don’t Have the Resources to Handle Security and Compliance Alone
The complexity of modern security and compliance requirements places huge burdens on internal IT and regulators. But while companies have used IT managed services to cope with increasing complexity and cost in areas like hosting and administration, many still depend on overtaxed teams and archaic techniques where security and compliance are concerned.
Instead of having computers audit access logs in real time, they have staff spend hundreds of hours poring through documents. Rather than outsourcing monitoring and incident response to 24/7 specialist teams, they assign it to a 9-to-5 hire who won’t be there for an off-hours incident. And, when they can’t implement an adequate change control system, they resign themselves to always playing catch-up with impatient auditors.
Security and Compliance as a Service is the Only Rational Approach
It’s time for this all to end — you didn’t get into business to fight with auditors and giant stacks of paperwork. And with Symmetry’s Security Complete PlusGRC, you won’t have to anymore. Symmetry’s new security and compliance as a service offering completely manages SAP security and Access Control across your landscape. Using ControlPanelGRC®, our award-winning compliance software suite, we can automate compliance tasks like:
- Segregation of duties
- User and role management
- Emergency access management
- Audit and compliance reporting
The software is backed up by 24×7 security and compliance monitoring and incident response, strategic what-if planning and risk mitigation, and around-the-clock access to expert consultants, who know your system inside and out.
Contact us to learn how Symmetry can help you put the risk, cost and frustration of security and compliance behind you.