[MUSIC PLAYING] Hello, and welcome to the fourth and final episode of the series Continuous Compliance In a Chaotic World. My name is Thom Brainard, Product Marketing Manager at Dell Software, and I'll be your host for this series. If you're watching this series, you already know that IT governance risk and compliance-- or GRC-- play a vital role in the operations of most organizations.
In the first episode, we talked about the changing IT landscape and common IT GRC failures. In the second episode, we went a little deeper and discussed what organizations can do to lay the groundwork for good IT GRC and why it's important to have a combined security and compliance plan. And in the last episode, we went even further and addressed the challenges of maintaining external compliance regulations and internal policies, as well as how Dell's IT GRC solutions can ease the complexity of auditing and reporting.
In this final episode, we'll talk about how Dell Software can help manage the ever-evolving landscape of risk with continuous compliance. Joining me today is Tim Sedlack, Senior Product Manager for our IT GRC Solutions at Dell Software. Welcome to the show, Tim.
Thanks for having me back, Thom.
So Tim, what is continuous compliance?
Continuous compliance is a way of maintaining security and compliance so that you can handle the dynamic nature of IT services-- users, regulations, and other aspects that are in a constant state of flux-- and having the confidence that you're in control of your entire IT environment.
So why is it critical to have continuous compliance?
Well, I know a lot of people feel that compliance can be checklist-oriented in their requirements for security controls. This is a negative aspect of compliance regulations in that you really need to consider it as the bare minimum that you need to have in order to remain in compliance. You really need to be continuously compliant, maintaining your environment for an audit at any time, 24/7, 365 days a year.
In essence, if you had a checklist, that's backward-looking. But you really need to have more of a solution that is forward-looking?
Right. You want to be proactive in encompassing any new aspects-- new services, new software-- that you're introducing into your environment. You're grasping the aspects of regulations that are changing and making sure that you're in control of your environment and not the other way around.
So Tim, that begs the question-- how can organizations adopt continuous compliance?
Well, I know I mentioned previously that we've got a lifecycle built around governance risk and compliance and a set of tools that can help users get in compliance and stay in compliance. So you always know and are being proactive about the compliance and security in your organizations with things like Enterprise Reporter for assessment of your environment and real time reporting of what's going on.
You've got Change Auditor that's capturing real time changes across your Microsoft enterprise in different applications and services. You've got things like Recovery Manager that give you the capability to restore from the individual attribute level all the way up to the forest. So you know you're covered from all aspects of a disaster. And you know you're remaining in compliance and you're the most secure you can be.
How important are audit-ready reports?
Audit-ready reports are key not just for external auditors, but for your management team to understand that you're in compliance and you have controls in place that keep you compliant-- continuously compliant-- with Dell Software.
Great. So Tim, before we let you go, do you have any success stories you can share with the viewers?
Absolutely. We work with many customers around the world. And I would say one of the key successes we've had is with financial organizations that need to remain compliant with Sarbanes-Oxley and PCI DSS to protect credit card data. We've got out-of-the-box reports in many of the tools that I talked about that demonstrate control and keep you in control, rather than sitting back waiting for the auditors to ask you questions and then searching for that data. So I would say Dell Solutions really give you that proactive stance that you're looking for.
How about HIPAA?
HIPAA, as well. We're seeing a lot of uptake from people involved in protecting patient data who are looking for ways to be continuously compliant, to protect that patient data, and to have controls in place that allow them to know who's using the data, who has access to data, and when the situation changes.
So good stuff, as usual, Tim. Thanks. If our viewers want to reach you, how can they do that?
The best way to reach me is through email. You can reach me at firstname.lastname@example.org.
Well, that's all we have time for today. Thanks for joining us, Tim.
Thank you, Thom.
Tim explained how Dell can help manage the evolving landscape of risk with continuous compliance. If you'd like to learn more about how solutions from Dell Software can help address IT GRC, please visit dellsoftware.com/itgrc. Thanks for watching.