
AI, loss of borders dominate the compliance landscape in 2024


With the landscape for compliance evolving at a rapid pace, companies will need to adapt to new challenges and circumstances in the coming year.

SC Media spoke with top vendors in the field, who agreed that the compliance landscape scarcely resembles what it was just a few years ago and that, with new technologies and policies being implemented, executives will need to change their approach.


AI in the spotlight

Artificial intelligence has permeated every facet of the technology sector, and compliance is no different.

Vendors believe that with companies facing tighter compliance requirements over a larger volume of code and applications, AI could emerge as an option. In such cases, automated systems could be used to comb through code and alert developers and administrators to possible vulnerabilities or data exposures.

Travis Howerton, co-founder and CEO of RegScale, a 2024 SC Awards winner for Best Compliance Solution, told SC Media that he envisions AI as a sort of assistant to those who seek to maintain compliance.

“They can make better risk-based decisions and take action,” Howerton explained. “Spend more time looking at what data is telling you and reduce the risk in your organization.”

Emily Schwenke, Director of Archive Product Marketing at Mimecast, a 2024 SC Awards Finalist for Best Secure Messaging Solution, told SC Media that with the adoption of AI will come additional considerations and factors for companies to take into account.

“It is becoming more and more difficult to manage the data and stay compliant,” Schwenke explained.

“People use AI, but we need to be careful about how we use it and what we expose.”

Going forward, vendors expect their customers to seek out AI features and options in their compliance solutions.

More regulations, tougher regulations

One issue that came up across vendors was the growing number of international regulations on the handling and transport of personal data. Not only do laws such as GDPR and FedRAMP bring new requirements for companies, but they also bring the potential for stiff fines.

“We are seeing real teeth in the regulations,” said Howerton.

“They realized the carrot incentive didn’t work, but the stick does.”

Punitive regulations are a new development in the market, said Howerton. While companies previously had to take these regulations into account, the consequences of falling afoul of data regulations were something of an afterthought.

The fines and consequences of improperly storing and transporting sensitive data, however, could be far more significant and painful for enterprises.

Not only are the laws being more stringently enforced, they are becoming more numerous.

In Europe, GDPR will soon be joined by the Digital Operational Resources Act (DORA) in governing how data can be stored and transported. In the U.S., meanwhile, the FedRAMP Act will make the transition from guidance to binding law.

That these laws only apply in their respective continents is beside the point, thanks to the increasingly global nature of software and data management.

Howerton noted that a company based in the U.S. may still be part of a supply chain that operates in Europe, leaving them just as accountable for violations of those laws as a company based in Europe, and vice versa.

“It creates a pile-on effect,” Howerton noted, “so the scope just feels like it is never ending.”

Not everything is grim, however. Schwenke noted that in some cases the restrictions on data protection were actually loosened. In leaving the EU, the United Kingdom in particular became a far less foreboding place for companies when it comes to data protection and compliance.

“People assumed that data sovereignty laws would be more significant and that didn’t pan out,” said Schwenke.

“Nothing got tighter — it is just the reins were loosened in UK.”

Looking to 2025: More platforms, more requirements

Looking into the coming months and years, experts see significant changes ahead in the compliance space.

Schwenke said her company will be focusing on compliance across new platforms.

“The biggest issue is data sources,” said Schwenke, explaining that with so many communications platforms and devices in use, managing data beyond the level of email will become a priority for companies.

Howerton, meanwhile, sees companies facing the challenge of keeping up with a rapidly evolving environment.

“Most people have legacy tools that they are using to stay on top of these problems,” he said.

“The problem is that the modern world is breaking everything, those tools are not made for this environment.”

Shaun Nichols

A career IT news journalist, Shaun has spent 17 years covering the industry with a specialty in the cybersecurity field.
