Firewall management is a necessary but tedious and time-consuming effort. It also requires industry-specific expertise to avoid costly security breaches that can jeopardize compliance requirements.
Meeting compliance requirements for your specific industry can occupy a significant amount of your IT professional’s time. Additionally, it can be difficult to find an IT expert with the appropriate industry experience to ensure all of your compliance requirements are met and your network is protected against unauthorized access.
On May 25, 2018, the Global Data Protection Regulations (GDPR) will be law throughout the European Union. This means that if you do business in the EU, and subsequently store or otherwise process data about EU citizens, you are subject to the new regulations, and the significant fines associated with noncompliance. If you’re in that category, I hope this is not the first time you’re hearing of this news. If so, let this be just the tip of the iceberg of research and consultation you will undertake, rather quickly, to ensure compliance.
Before I begin the review, here is the link to the product so you can look for yourself: Microsoft Compliance Manager
Easing compliance tasks is on the wishlist of many companies, not only for the upcoming GDPR readiness date but also for several other regulations. Microsoft has made a great attempt to solve some compliance problems, but the amount of work to complete the process is still fairly large.
The Compliance Manager’s aim is to give you a scorecard of your current status. At first login, you’ll be faced with several areas to complete documentation. Many of these are overwhelming; for instance, we had a couple hundred activities to complete for NIST 800-53 alone. These activities equate to points, which makes the thousand point “scores” a bit easier to take.
I have recently jumped head first into a number of compliance initiatives, both for our internal needs and for our customers. To say that I have learned a lot in 3 months is an understatement. I was working with a compliance consultant who at the beginning of the exercise said, “Mike, you seem like you know a little about this stuff and you could probably play a compliance consultant in a movie, but we’ve got a lot of work to do.” Not the comment I was looking for at the time, but I am always up for a challenge. (By the way, what movie would need an actor to play a compliance consultant?)