IT Compliance vs. IT Security: Understanding the Difference

In these uncertain times of COVID-19, the entire business spectrum is changing. It is more important than ever to grasp the significance of, and the difference between, IT security and IT compliance.

Using the current global situation, the difference can best be described as follows:

The restrictions and rules that governments of numerous countries have laid out, such as closing international borders, cancelling national bus and train lines, restricting physical contact to a 2m or 10ft distance, and calling for citizens to stay home, could be compared to IT compliance. These are standards, rules, and laws put in place to hold all citizens, and in the case of IT, all businesses, to a certain standard. They are laid out by the authorities, but it is up to each individual business to adhere to them, monitoring updates and changes and adapting as necessary.

IT security, on the other hand, consists of the actual protections taken to minimize the risk of a data breach. Compared again to the current times, this is the physical act of washing your hands, sanitizing clothes/shoes/phones upon returning home from the store, limiting trips outside, and eliminating contact with others, now called ‘social distancing’. IT security is utilizing the proper hardware and software to put barriers in place against hackers accessing private and confidential business data, including personal information of customers, employees, business partners, and so on. Routine IT activities like password change prompts, remote access points when working out of the office, and utilizing company-issued equipment would all fall into this category.

In summary, compliance is defined as accordance or cooperation with the laws that have been set out, while security is defined as the precautions taken to guard against crime, attacks, and/or espionage. Represented visually, it is easy to categorize what belongs to IT compliance and what to IT security.

IT Compliance:

  • Regulatory frameworks like GDPR
  • Policies
  • Standards like PCI DSS
  • Processes
  • Risk Analyses

IT Security:

  • Secure network access like two-factor authentication
  • Strong identity controls
  • Encryption controls with HSM
  • Business processes
  • Security frameworks like firewalls and antivirus

There has long been confusion about the difference between IT security and IT compliance. Are they not one and the same? If you follow all the latest regulations, do you achieve IT security?

As you can see, there are actually vast differences between compliance and security, and in fact not both of them rest on the shoulders of the IT department. While the IT department is critical in managing IT security, compliance may be an area where they are merely internal consultants. Protecting your business on both fronts is essential in achieving optimal operational excellence for your clients, for your confidential processes, and in following the law. GDPR has had a tremendous impact on many businesses, with multi-million dollar fines issued to the likes of British Airways.

We are operating in uncertain times, and while there is currently a period of lull, waiting to see when and how the repercussions will unfold, cyber attacks are on the rise. The World Health Organization and other health organizations faced numerous attempts in March to gain access to their confidential information, as reported by NS Tech. Whether or not your business is related to the medical field, with so many people telecommuting and working from home on personal wifi connections, hacks are on the rise. This is an opportune and absolutely critical time to check in on your compliance levels and IT security protocols and ensure everything is up to date and safeguarded. Not only will you protect your business in the case of an attack (as we’ve written before, hackers don’t discriminate on business size, and it is not just large health organizations at risk here), but when COVID-19 settles, controls loosen, and people begin to return closer to a normal pace of life, your business will be prepared if you act now.