News

Changes in technology create new difficulties for GRC processes

In this #GRCChat, participants discuss how changes in technology like consumerization and evolving security threats affect GRC management and consider who should be responsible for that management.

Aislyn Fredsall
By
Published: 12 May 2015

The widespread use of both business and personally owned technology in the workplace, due toIT consumerization, has created new security risks and complications for compliance processes. From acceptable use policies to bring your own device (BYOD) and beyond, enterprises must find a way to adapt their GRC management to the changing ways that employees and consumers interact with technology every day.

Curiously, in Accenture's recent survey of compliance officers from 150 financial services companies, 59% of respondents said that they do not consider understanding technology trends to be a key skill for a compliance officer.

Is that thinking shared by SearchCompliance followers and editors? In this #GRCChat recap, participants discuss how enterprises should adjust their GRC management policies to keep up with new technology and who should be responsible for that management in the first place.

How has the rise of consumer-centric technology use for business gain complicated GRC management processes?

Many enterprises find it difficult to keep their GRC policies in step with the rapid changes in technology and the new threats those changes create. However, #GRCChat participants quickly pointed out that although it is difficult, enterprises must still invest in keeping GRC processes up-to-date:

GRC policies are not only suffering because of rapid developments in technology, though. Many of these new technologies are consumer-focused, so employees become accustomed to utilizing these tools in their personal lives before bringing them into the workplace; often without the enterprise's approval or possibly even knowledge. Employees using technologies that are not supported by the enterprise's IT department, a concept known as shadow IT, further complicates GRC management.

SearchCompliance Site Editor Francesca Sales and SearchCIO Senior News Writer Nicole Laskowski both wondered how these changes in technology will affect C-level positions and their responsibilities:

Who should be responsible for compliance and consumer risk management strategy? Legal counsel? CIO? CISO? Someone else?

In order to keep pace with changes in technology, someone first needs to be in charge of the enterprise's GRC processes and strategy. Different companies have different people at the helm of this task, but most participants seemed to agree that the leadership responsibilities should be collaborative, whether that be between specific C-level executives or the C-suite as a whole:

SearchCompliance Site Editor Ben Cole -- via the SearchCompliance Twitter handle -- went a step further by suggesting that legal counsel would be a good option to head this collaboration, which sparked a conversation among participants:

Focusing on the C-suite's relationship with security and compliance, one participant wondered if companies can capitalize on good GRC management and turn it into a marketing opportunity:

Who do you think should be in charge of an enterprise's GRC strategy? Why do you think consumer-centric technology has complicated GRC management? Sound off in the comments section below.

Next Steps

For more on how consumer technology is complicating GRC management, check out this #GRCChat recap about wearables in the workplace. Then, watch this video of risk management professionals discussing technological trends that are influencing enterprises' risk management policies. Finally, learn more about the role of a GRC professional from the TechTarget IT Salary and Careers Survey 2014.

Dig Deeper on Risk management and compliance

SearchCIO
SearchHealthIT
SearchCloudComputing
SearchDataCenter
SearchDataManagement
SearchSecurity
Close