RSA 2010: Start thinking about security beyond just compliance

David Spark here reporting for Tripwire at the 2010 RSA Conference in San Francisco.

After the industry analysts’ roundtable at the RSA Conference 2010 I spoke with Jonathan Penn of Forrester. Penn covers all areas of security from the vendor side, but the area we focused on was the issue of compliance.

Compliance distracts people from doing their business better. For most organizations, it’s just a check box. And as we’ve heard over and over again, compliance does not equal security.

In fact, many organizations wouldn’t do data security if it wasn’t a requirement. That’s why we have compliance requirements and because it’s “required” projects within an organization only get funding if they’re connected to some regulation.

See my related article “Security industry analysts’ roundtable” and my interview with Christian Christiansen “Stop obsessing over compliance and start obsessing over audits.”

Check out more of Tripwire’s coverage from the 2010 RSA Conference in San Francisco.

Tagged as: Forrester, IT Security, IT Security and Data Protection, Regulatory Compliance, RSA, RSA 2010, RSAC

This post was written by…

David Spark has contributed 110 posts to The State of Security.

Twitter @dspark

Contact David Spark

David Spark is a veteran tech journalist and founder of Spark Media Solutions, a media consulting and production company. Acting as the "media" of "social media," Spark Media Solutions helps its clients be seen as leading voices in their field through brand-quality media production and distribution through top tier media channels.