News

Changes in technology create new difficulties for GRC processes

In this #GRCChat, participants discuss how changes in technology like consumerization and evolving security threats affect GRC management and consider who should be responsible for that management.

The widespread use of both business and personally owned technology in the workplace, due toIT consumerization,...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

has created new security risks and complications for compliance processes. From acceptable use policies to bring your own device (BYOD) and beyond, enterprises must find a way to adapt their GRC management to the changing ways that employees and consumers interact with technology every day.

Curiously, in Accenture's recent survey of compliance officers from 150 financial services companies, 59% of respondents said that they do not consider understanding technology trends to be a key skill for a compliance officer.

Is that thinking shared by SearchCompliance followers and editors? In this #GRCChat recap, participants discuss how enterprises should adjust their GRC management policies to keep up with new technology and who should be responsible for that management in the first place.

How has the rise of consumer-centric technology use for business gain complicated GRC management processes?

Many enterprises find it difficult to keep their GRC policies in step with the rapid changes in technology and the new threats those changes create. However, #GRCChat participants quickly pointed out that although it is difficult, enterprises must still invest in keeping GRC processes up-to-date:

A1 Simply put, new tech creates new breach vulnerabilities-biz must constantly review + revise #GRC management strategy to adapt #GRCChat
— SearchCompliance.com (@ITCompliance) March 26, 2015

A1 But because new tech – and the threats that come with them – change so quick, biz budgets and resources struggle to keep up #GRCChat
— SearchCompliance.com (@ITCompliance) March 26, 2015

#grc processes are going to have to keep up w/ the pace of tech change! #grcchat easier said than done, i'm guessing
— Fran Sales (@Fran_S_TT) March 26, 2015

A1 Companies must designate time and resources to make sure GRC processes are keeping up with new tech their customers are using #GRCchat
— SearchCompliance.com (@ITCompliance) March 26, 2015

GRC policies are not only suffering because of rapid developments in technology, though. Many of these new technologies are consumer-focused, so employees become accustomed to utilizing these tools in their personal lives before bringing them into the workplace; often without the enterprise's approval or possibly even knowledge. Employees using technologies that are not supported by the enterprise's IT department, a concept known as shadow IT, further complicates GRC management.

A1 Tougher to implement controls and enforce policy #GRCChat
— Dan Sanders (@dansanders) March 26, 2015

A1 Easy-to-access consumer tech has given rise to shadow IT, which can certainly complicate corporate #GRC strategy. #grcchat
— Nicole Laskowski (@TT_Nicole) March 26, 2015

A1: Tough to guarantee GRC constraints while satisfying user wants for convenience and ease of use. #grcchat
— Forvalaka41 (@Forvalaka41) March 26, 2015

SearchCompliance Site Editor Francesca Sales and SearchCIO Senior News Writer Nicole Laskowski both wondered how these changes in technology will affect C-level positions and their responsibilities:

also curious how #GRC officers' relationships w/ rest of c-suite change with these tech developments #GRCChat
— Fran Sales (@Fran_S_TT) March 26, 2015

A1 I'd be interested to hear how businesses can create agile GRC processes. Where does the CIO need to start? #GRCchat
— Nicole Laskowski (@TT_Nicole) March 26, 2015

Who should be responsible for compliance and consumer risk management strategy? Legal counsel? CIO? CISO? Someone else?

In order to keep pace with changes in technology, someone first needs to be in charge of the enterprise's GRC processes and strategy. Different companies have different people at the helm of this task, but most participants seemed to agree that the leadership responsibilities should be collaborative, whether that be between specific C-level executives or the C-suite as a whole:

A5 Should be a partnership between the Chief Risk Officer and the CISO. Depends on the size of the org. #GRCChat
— Elliott Franklin (@elliottfranklin) March 26, 2015

A5: Seems like the whole C-suite would have roles to play or requirements to consider. GRC/audit/sec/etc. should all get visibility.#grcchat
— Forvalaka41 (@Forvalaka41) March 26, 2015

A5 All will likely be involved in compliance/RM strategy, but one should be chosen to lead/make sure goals are met #GRCchat
— SearchCompliance.com (@ITCompliance) March 26, 2015

SearchCompliance Site Editor Ben Cole -- via the SearchCompliance Twitter handle -- went a step further by suggesting that legal counsel would be a good option to head this collaboration, which sparked a conversation among participants:

@ITCompliance Respectfully disagree on A5: legal should be top SME, but they are too diffuse to focus on #GRC #GRCChat
— Dan Sanders (@dansanders) March 26, 2015

@ITCompliance Are we going to start seeing the rise of the CLO? Chief Legal Officer? #GRCchat
— Nicole Laskowski (@TT_Nicole) March 26, 2015

@TT_Nicole @ITCompliance #grcchat Good Q. How many people can be "chief" before the C-suite becomes too granular?
— Forvalaka41 (@Forvalaka41) March 26, 2015

Focusing on the C-suite's relationship with security and compliance, one participant wondered if companies can capitalize on good GRC management and turn it into a marketing opportunity:

A5: (Q) Will we start seeing the CMO authorizing marketing campaigns that hinge on better GRC/sec. than their breached competitors? #grcchat
— Forvalaka41 (@Forvalaka41) March 26, 2015

Who do you think should be in charge of an enterprise's GRC strategy? Why do you think consumer-centric technology has complicated GRC management? Sound off in the comments section below.

Next Steps

For more on how consumer technology is complicating GRC management, check out this #GRCChat recap about wearables in the workplace. Then, watch this video of risk management professionals discussing technological trends that are influencing enterprises' risk management policies. Finally, learn more about the role of a GRC professional from the TechTarget IT Salary and Careers Survey 2014.

Dig Deeper on Risk management and compliance

All
News
Get Started
Evaluate
Manage
Problem Solve

Aislyn Fredsall asks:

How do you think changes in technology have complicated GRC management?

Join the Discussion

How has the rise of consumer-centric technology use for business gain complicated GRC management processes?

Who should be responsible for compliance and consumer risk management strategy? Legal counsel? CIO? CISO? Someone else?

Next Steps

Related Resources

Dig Deeper on Risk management and compliance

Join the conversation

1 comment

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.