We're posting this one a little early to make sure we catch folks reading the customer newsletter
There's been a lot of chatter about this in the past, but with all the breaches recently, it makes you wonder... does compliance actually make you more secure?
On the one hand, if you are already protecting your data, and generally following security best practices, compliance is kind of just a pain in the ****, a bunch of rubber stamps that you spend your time aligning to that just end up being a thorn in your side.
On the other hand, compliance initiatives really are trying to encourage standard ways to protect sensitive data (personal health info, intellectual property, credit cards, etc). They are generally things that people really should be doing to keep that data safe (generally...).
But in the end, if you are only compliant, are you actually more secure? Practically, for the smaller/midsize organization, compliance is an opportunity to get budget to BE more secure or implement some best practices that haven't really had a motivating factor (the whole "security is a cost center" sort of problem).
What do you think?