IBM Corp. and enterprise security specialist Telos Corp. are teaming up to help businesses cope with the seemingly unfettered growth of new regulations.
The two companies are launching Active Governance Services, a set of technologies and best practices that help enterprises operationalize and automate both cybersecurity compliance and regulatory risk.
There’s no question that the need exists. A 2020 study commissioned by Telos found that the average organization must comply with 13 different IT security compliance and privacy regulations, a task that involves an average of 22 people and consumes 58 working days per quarter. “Once upon a time compliance might have been just [the National Institute of Standards and Technology],” said Hugh Barrett, vice president of technical solutions at Telos. “Now it’s NIST, [the Payment Card Industry Data Security Standard], privacy and maybe [the European Union’s General Data Protection Regulation]. We can eliminate the audit fatigue and automate some of the control stacks. We automate the generation of control validation that has to be done and tailor it based on the target of the audit.”
A new wrinkle is maintaining compliance during cloud migration. The Telos study also found that 86% of respondents believed compliance is or will be an issue when moving systems, applications, and infrastructures to the cloud.
“A lot of organizations don’t understand the cloud shared responsibility model,” Barrett said. Telos has tools that help in applying shared security principles across multiple cloud platforms. “You get a better understanding of what controls you inherit, what you’re responsible for and what is shared responsibility,” Barrett said. “We can also give you best practices or recommended controls to handle common questions about what controls you need to apply.”
Telos’ Xacta IT Risk Management platform automates compliance and audit activities like control selection, validation, reporting, and monitoring, the company said. In many cases, companies currently handle such tasks manually.
“Companies collect data for audit and compliance from different vendors and in different formats – both structured and unstructured – and normally put it into a spreadsheet for manual reporting,” said Evelyn Anderson, an IBM Distinguished Engineer. “With this tool, instead of manually generating reports, they use [application program interfaces] that ingest data from the different vendors or they can create custom APIs to automate things that are today manually intensive.”
Telos will make its software and services available via IBM’s Security Services operation, offering strategic planning, responsive compliance reporting, proactive monitoring and automation intended to create a more orderly approach to IT risk management and compliance. The company said it can reduce the time needed to comply with regulatory requests by 90% and the time to generate regulatory documentation by up to 70%.
Telos’ roots are in government contracting, and the company is strongest there, but it’s looking to expand. “With IBM we can move beyond that government sphere,” Barrett said. “We know governments worldwide, but we don’t know commercial and other verticals as well. IBM brings us those skills.”