Meeting Compliance in the Cloud ≠ A Choice

In the past, we’ve talked about various ways that compliance can add value to your business. But what happens when you don’t attain or maintain compliance? (Note: In the following, we focus on PCI, but equally unpleasant consequences can result, of course, if you fail to meet other standards such as HIPAA, SOC 2, etc.)

Meeting Compliance ≠ A Choice

Did you know that:

  • 80% of businesses fail their interim PCI compliance assessments? (Source: Verizon’s 2015 Data Breach Incident Report)

  • Organizations that suffer data breaches also tend to have lower-than-normal compliance with PCI DSS standards (Source: Verizon’s 2015 Data Breach Incident Report). In other words, if your compliance posture isn’t up to PCI snuff, there’s a better chance you’ll get hit with a business-impacting breach.

  • 69% of consumers don’t want to do business with an organization that has been breached.

  • PCI breaches tend to be worse in scale than other types of information breaches (like PHI or PII), according to the 2016 Verizon DBIR.

  • Though PCI breaches account for just 27% of incidents, the median number of records lost is 53,100 (compare that with 1,000 for PHI and 761 for PII).

It’s pretty clear that it has never been more important for organizations to get compliance right.

(For a discussion of what can happen if you’re not HIPAA compliant, take a look at “Can You Afford to NOT be HIPAA Compliant.”)

So What’s the Remedy?

Navigating compliance can be tricky. But in the experience of many of our customers, it all starts with a PRIMER:

  • Planning
  • Risk Assessment
  • Control Maturity Assessment
  • Expert Relationships

There’s More! Compliance Webinar: Ask the Auditor & Customer

Is compliance a priority for you?

Join our upcoming webinar, hosted by Chris Gervais, Threat Stack’s VP of Engineering, and featuring Kevin Eberman, MineralTree’s Director of Ops, along with Ryan Buckner, Principal and Auditor with Schellman.

Topics will include:

  • The technical requirements unique to achieving compliance in the cloud
  • Recommended steps to ensure a successful, low-pain process
  • Common pitfalls that organizations like MineralTree and yours may encounter during the compliance process

And, of course, the discussion will be open so our listeners can ask their own specific questions.

If you’re looking to gain more clarity, this webinar will give you a 360-degree view of this vital and complex topic.

Please join us at 12:00 Noon ET on Tuesday, April 25. You can find full webinar details here.
