Tufin: compliance does not guarantee security

Munich, (PresseBox) - News reports that some of the firms that have experienced data breaches in recent months were PCI-compliant highlight the fact that - even if a company has passed muster on the regulatory front - this does not guarantee the integrity of its IT security systems, says Tufin Technologies, the security lifecycle management specialist.

"Complacency is the IT manager's worst enemy, especially when it comes to IT security," said Reuven Harrison, Tufin's chief technology officer.

"This fact was brought home quite clearly at last week's Black Hat security briefings in Las Vegas, at which researchers revealed company after company - and technology upon technology - whose IT security could be compromised," he added.

According to Harrison, as witnessed by the comments at Black Hat of Douglas Merrill, former VP of engineering with Google, if senior managers can become frustrated with an IT architecture, then the same thing can happen further down the management chain.

And when that happens, he says, the firm becomes a breeding ground for IT workarounds that allow staff to work more efficiently, but also allow them to circumvent their own security systems.

As a result of these pressures, having systems in place that check any and all IT security configuration changes for compliance with corporate policies, he explained, is rapidly becoming a critical component of an efficient security regime.

You can also expect these pressures to work more efficiently to increase with the effects of the economic situation in which many companies now find themselves, said the Tufin CTO.

As a result, he noted, you can begin to understand why, if a company is PCI compliant - as was the case with Heartland Payment Systems - they can still be hit by a data breach.

"Regulatory compliance and best practice certifications are excellent indicators of management quality, but when it comes to security, the acid test is whether multiple layers of security are installed, and are reviewed - as well as tested - on a regular basis," he said.

"This is what security lifecycle management is all about. IT security has now become a state of mind and needs a holistic approach if management is to stand a chance of beating the security demons," he added.
