The task chief compliance officers face in routinely crafting multifaceted solutions involving complex technologies doesn’t figure to get simpler any time soon.
Complexity is usually the enemy of any working process. The more complex a technology or environment, the more likely the process will fail. Nowhere is this more evident than in the compliance arena, where the rules and regulations change as frequently as the technology it must work hand in glove with.
So the question compliance officers need to ask is: How do I deal with the complexities of IT change? As a number of complex technologies take deeper root over the course of 2011, it will be an important question to answer.
For instance, many companies are piloting virtual desktop infrastructure (VDI) projects, setting the stage for a future world where PC operations take place back in the data center and rendering desktop PCs to little more than dumb terminals. Because the promise of VDI is multifaceted, including the hope that it will solve many security and support problems, many are predicting that VDI will become prevalent in 2011.
But if you ask most VDI projects leaders how VDI affects compliance, you will get a blank stare. While there is plenty of finger pointing to go around in cases like this, it all comes down to simple communication. However, nothing is simple with compliance, even communications. The very nature of compliance leads to secrecy, and that secrecy is both the enemy and ally of IT projects.
Similar issues are bound to arise as virtualized applications, Software as a Service solutions and even cloud computing initiatives take hold in the enterprise, all of which will continue to be hot technologies well into 2011 and beyond.
Meeting the challenge of new IT implementations will take more than a little finesse on the part of the harried compliance officer, as he or she becomes enveloped in network security, technology planning, human resources and executive management.
Happily, many vendors have recognized the dilemma facing compliance officers and are launching services to help with compliance. EMC, for instance, has announced expanded consulting services to help organizations meet the Payment Card Industry Data Security Standard 2.0, which becomes effective Jan. 1. Other vendors are sure to follow with services and solutions aimed to accelerate compliance. It would be nice if these vendors decide not to wait until just a month before a new standard hits the streets to announce plans to help.
Frank Ohlhorst is an award-winning technology journalist, professional speaker and IT business consultant with more than 25 years of experience in the technology arena. He has written for several leading technology publications, including Computerworld, TechTarget, PCWorld, ExtremeTech and Tom’s Hardware, and business publications including Entrepreneur and BNET. Ohlhorst was also executive technology editor at eWEEK and director of CRN Test Center.