In recognizing the growing impact of third-party risks on operational resilience, the Prudential Regulation Authority (PRA) has established new regulatory requirements in the areas of third-party risk management and outsourcing. The details were published in a Supervisory Statement that has been put into effect since March 2022.

The ephemeral nature of the cloud has made compliance and security a greater challenge for organizations. The volume of data that companies must collect and retain from their cloud services, depending on their industry, is ballooning fast. According to ESG, 71% of companies believe their observability data (logs, metrics and traces) is growing at a concerning rate. Even so, outcomes are getting worse, not better. Six out of 10 teams are unable to prevent issues before customers are impacted.

Standing up a strong compliance program is critical for any organization expected to show adherence to SOC 2, HIPAA, PCI, ISO27001 and other frameworks – and it can be very challenging. For starters, you have to juggle evidence collection, task management, policy mappings, and monitor controls across multiple frameworks.

Learn about Kubernetes compliance challenges, consequences of non-compliance, and get guidance on maintaining a secure and compliant cloud environment in a dynamic Kubernetes setup. Kubernetes is a leading open-source platform for automating containerized applications’ deployment, scaling, and management. With the growing adoption of cloud, hybrid, and multicloud environments, the topic of Kubernetes compliance has become increasingly pertinent.

What if a malicious threat actor would want to get into the U.S. Department of Defense’s (DoD) network. Could they do it? You may think this only happens in the movies, right? In this case, reality surpassed fiction. On Dec.20, 2018, the APT10 Group did exactly that. Members of APT10 stole personal, confidential information, including social security numbers and dates of birth, from over 100,000 Navy personnel.

If you blinked, you might have missed it… On October 25th 2022, the new standard for the Information Security Management System, ISO27001 was released. Without fuss, and without fanfare. But, to quote a famous movie, “There was a great disturbance in the force.” ISO27001 is possibly one of the world's best-known standards for Information Security Management because it has broken out of the realms of the cybersecurity industry and into the world of business.

Today, many organizations are governed by various types of industry regulations. To name a few: General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA) and California Consumer Privacy Act (CCPA). These regulations are subject to regular and complex amendments, and many compliance officers expect proactive compliance from every regulated company.

PCI 4.0 — the PCI Standards Security Council’s first update since 2018 to the PCI Data Security Standards (PCI DSS) — is a major iteration that shifts away from the traditional point-in-time assessment. Do you remember how an auditor would annually determine the PCI compliance status of a merchant’s or service provider’s system on a specific day in a specific month and assume — somehow — that the snapshot characterized their status all year?

HIPAA is a legal healthcare privacy standard passed into law by the Clinton administration. The law standardized how private healthcare information had to be protected and stored by hospitals. In its earliest years of inception, these rules were straightforward. Things have changed considerably. With the digitalization of healthcare records, it’s now easier than ever for patients and hospitals to access records, but it’s also easier for bad actors.