By design, Salesforce is an environment where customer PII and other sensitive information must be shared and stored. However, compliance regulations such as PCI DSS, HIPAA, GDPR, CCPA, and others limit the storage and use of customer data to only what is justifiably required for an organization to carry out its duties. Even then, there are requirements for how this data must be stored – for example, whether it must be encrypted.
I know many will read this title and think that I am crazy. If I am compliant with NIST, HIPAA, ISO, PCI, etc., then I am running a secure network. And to a point that is true. But let’s look at it this way. If you are driving down the interstate at the posted speed limit and are keeping three car lengths between the driver in front of you, are you truly safe and secure on the interstate?
Although application security and compliance are relatively modern concerns, they impact every industry that uses technology, even traditional industry sectors such as manufacturing. Most manufacturers that do business on a large scale have embraced technology as a necessary business component in the digital economy. Many manufacturers have built heavily integrated functions across the entire manufacturing process, as well as tying in related areas such as operations and logistics.
Security and compliance have a major role in every organization. Businesses are nothing without the trust and loyalty of their customers, and for many companies — from early-stage startups to multinational corporations — winning that trust starts by demonstrating that the correct security controls are in place. Internationally recognized compliance standards, such as ISO 27001, PCI DSS, and SOC 2, make up the industry-standard goals that most businesses and organizations pursue.
We have entered the era of data compliance laws, but regulations have not quite caught up to the level of risk that most organizations are exposed to. Uniting security and compliance is crucial to meeting regulatory standards and ensuring a secure environment for your business. Digital transformation and the rollout of new digital tools are moving faster than the speed of litigation. For example, many industries are adopting connected IoT tools that significantly expand their attack surface.
NIST SP 800-161 revision 1 outlines a cybersecurity framework for mitigating security risks in the supply chain. NIST SP 800-161 is a subset of NIST SP 800-53, a broader cyber risk mitigation framework that is foundational to most cybersecurity programs. The National Institute of Standards and Technology (NIST) designed SP 800-161 to improve cyber supply chain risk management for all U.S. federal agencies.
IoT emerged as a concept in the early 2000s. Since then, the technology has been adapted to enable more innovative building technologies and improved security strategies. IoT appears to be here to stay and will be the future of building technology and security. According to Statista, there are currently 3.65 billion IoT-connected devices worldwide.