Most compliance officers know the change in calendar years brings with it operational changes driven by new legislation. And with the broad assortment of new rules and regulations kicking in this month, 2011 will be no different than any other year.
But it is not the expected regulatory changes by themselves that will have the biggest impact on how compliance strategies evolve this year. Rather, it will be their hidden changes that hit the hardest.
For example, take the Payment Card Industry Data Security Standard (PCI DSS) 2.0, which brings with it several changes to how credit card transactions should be processed. Arguably, the most significant of these changes is the acknowledgement of virtualization.
With PCI 1.2.1, it was necessary to keep distinct functions physically separate to satisfy auditors. Simply put, each function needed to have its own dedicated processor, storage and memory, thereby creating a tangible separation of functions. PCI 2.0 changes all of that with the recognition of virtualization, because now that functional segregation can take place using virtual machines.
This may not seem like a big deal for many compliance officers. They may feel it is merely an acknowledgement of technology that has become entrenched in the data center. In practice, however, PCI 2.0 proves to be one of the biggest advances for those bound by version 1.2.1’s archaic rules.
With PCI 2.0, all of the money-saving capabilities of virtualization can now be realized. Implementers can now reduce server footprints, require fewer physical machines, and lower electrical and management costs.
The lesson this story teaches is that you need to look closely at the true impact of compliance rule changes. These new technologies and accompanying rule changes can significantly improve ROI and lower the total cost of ownership (TCO) compared to many compliance regulations of the past.
And, as such, an expensive burden can actually become the pathway to savings.
Frank Ohlhorst is an award-winning technology journalist, professional speaker and IT business consultant with more than 25 years of experience in the technology arena. He has written for several leading technology publications, including Computerworld, TechTarget, PCWorld, ExtremeTech and Tom’s Hardware, and business publications including Entrepreneur and BNET. Ohlhorst was also executive technology editor at eWEEK and director of CRN Test Center.