With the landscape for compliance evolving at a rapid pace, companies will need to adapt to new challenges and circumstances in the coming year.
SC Media spoke with top vendors in the field, who agreed that the compliance landscape scarcely resembles what it was just a few years ago and that, with new technologies and policies being implemented, the approach executives take will need to change.
AI in the spotlight
Artificial intelligence has permeated every facet of the technology sector, and compliance is no different.
Vendors believe that with companies facing tighter compliance requirements over a larger volume of code and applications, AI could emerge as an option. In such cases, automated systems could be used to comb through code and alert developers and administrators to possible vulnerabilities or data exposures.
Travis Howerton, co-founder and CEO of RegScale, a 2024 SC Awards winner for Best Compliance Solution, told SC Media that he envisions AI as a sort of assistant to those who seek to maintain compliance.
“They can make better risk-based decisions and take action,” Howerton explained. “Spend more time looking at what data is telling you and reduce the risk in your organization.”
Emily Schwenke, Director of Archive Product Marketing at Mimecast, a 2024 SC Awards Finalist for Best Secure Messaging Solution, told SC Media that with the adoption of AI will come additional considerations and factors for companies to take into account.
“It is becoming more and more difficult to manage the data and stay compliant,” Schwenke explained.
“People use AI, but we need to be careful about how we use it and what we expose.”
Going forward, vendors expect their customers to seek out AI features and options in their compliance solutions.
More regulations, tougher regulations
One issue that came up across vendors was the growing number of international regulations on the handling and transport of personal data. Not only do laws such as GDPR and FedRAMP bring new requirements for companies, but they also bring the potential for stiff fines.
“We are seeing real teeth in the regulations,” said Howerton.
“They realized the carrot incentive didn’t work, but the stick does.”
Punitive regulations are a new development in the market, said Howerton. While companies previously had to take these regulations into account, the consequences of falling afoul of data regulations were something of an afterthought.
The fines and consequences of improperly storing and transporting sensitive data, however, could be far more significant and painful for enterprises.
Not only are the laws being more stringently enforced, they are becoming more numerous.
In Europe, GDPR will soon be joined by the Digital Operational Resources Act (DORA) in governing how data can be stored and transported. In the U.S., meanwhile, the FedRAMP Act will make the transition from guidance to binding law.
That these laws only apply in their respective continents is beside the point, thanks to the increasingly global nature of software and data management.
Howerton noted that a company based in the U.S. may still be part of a supply chain that operates in Europe, leaving them just as accountable for violations of those laws as a company based in Europe, and vice versa.
“It creates a pile-on effect,” Howerton noted, “so the scope just feels like it is never ending.”
Not everything is grim, however. Schwenke noted that in some cases the restrictions on data protection were actually loosened. In leaving the EU, the United Kingdom in particular became a far less foreboding place for companies when it comes to data protection and compliance.
“People assumed that data sovereignty laws would be more significant and that didn’t pan out,” said Schwenke.
“Nothing got tighter — it is just the reins were loosened in the UK.”
Looking to 2025: More platforms, more requirements
Looking into the coming months and years, experts see significant changes ahead in the compliance space.
Schwenke said her company will be focusing on compliance across new platforms.
“The biggest issue is data sources,” said Schwenke, explaining that with so many communications platforms and devices in use, managing data beyond the level of email will become a priority for companies.
Howerton, meanwhile, sees companies struggling to keep up with a rapidly evolving environment and the challenges it will pose.
“Most people have legacy tools that they are using to stay on top of these problems,” he said.
“The problem is that the modern world is breaking everything, those tools are not made for this environment.”