48% of CIOs believe the likelihood of compliance failure was high or very high1
What Does It Mean to Be Compliant?
Enterprises today oversee an ever more complex regulatory environment as huge volumes of data continue to be amassed. Security breaches, the drive for better network efficiency, and the rise in regulatory activity on the heels of economic crises suggest an urgency for these organizations to explore more formal routine ways of making sure of the highest levels of security and compliance. CIOs are increasingly accountable for showing how compliance risks are managed. In a recent industry study1, 48 percent of CIOs believed the likelihood of compliance failure was high or very high. They anticipated significant challenges for risk and expected the consequences to be severe, with an ever expanding scope.
“The continual evolution of customer demands placed on the network to deliver on business outcomes has required an increased level of support from service partners,” claims IDC in a recent report2. “Customer requirements are well beyond having the network just work... now the network must deliver on mission-critical business services,delivered to an SLA. To meet this demand, support services must also evolve, not just to keep pace but to deliver on future needs.”
Many enterprises today still take a manual approach to regulating compliance in their environments and do not have the necessary subject matter expertise in house to manage issues fully. Networks and the regulatory landscape are both dynamic, making it difficult to implement and then maintain ongoing compliance with thousands of distributed devices and regulations across any particular organization. These approaches not only are insufficient, but also have costly implications and consume inordinate amounts of time and labor.
Mike Flannagan, senior director at Cisco Services, agrees. “Mitigating risk is at the top of everyone’s list,” he says. “An approach that uses software and automation to align the environment with corporate and regulatory policies significantly reduces the business risk of noncompliance.”
A healthcare company recently experienced the magnitude of staying compliant with one such regulation, the Health Insurance Portability and Accountability Act (HIPAA). The Cisco Compliance Management and Configuration Services (CMCS) team was able to generate specific reports that showed network details of what was optimized and where operational gaps existed in the healthcare company’s environment. The reports revealed that up to 98 percent of certain devices were out of compliance with HIPAA regulations, and, although other network segments showed higher compliance rates, nowhere in the company’s network did it have 100 percent compliance to HIPAA standards.
By having this visibility into the state of its network, not only does the customer now know what areas of the network on which it should focus first to address compliance and security issues, the company also has the means to maintain that compliance stance. Cisco CMCS provided the healthcare company a way to holistically manage this regulation (and more) with a targeted approach that automated and embedded the necessary policies in its system. CMCS removed the overwhelming change activity required, as well as costs and resources that would ordinarily be associated with bringing the customer back into compliance.
A leading financial institution with a top priority of managing technology and compliance risk found some compelling reasons to work with the Cisco CMCS team as well. It found it could make network changes more accurately and in less time. With the ability to create custom company-specific internal policies, the service could act as an independent governance tool, enabling the company to stay in compliance with not only industry regulations, but also the bank’s internal standards, a critical aspect of its business.
With Cisco CMCS, you can maximize stability, availability, and efficiency.
“When you talk about one configuration change, it’s not a lot of time,” says Flannagan. “Automation brings the real advantage of CMCS to the forefront. By executing up to 50 concurrent activities at once, we estimate saving nearly nine hours of work effort. That results in serious operational savings, but the real benefit is knowing that all 50 changes were executed with no accidental deviation from the approved change.”
With Cisco CMCS, you can maximize stability, availability, and efficiency through continuous monitoring and management compliance of devices in your network. With the service’s auditing and reporting capabilities, you also gain control and visibility. These benefits allow you to provide documentation for compliance audits and reallocate your IT resources to other strategic initiatives.
Cisco’s smart capabilities and intellectual capital, combined with people, processes, tools, and automation, enable the visibility our customers need to promote productivity with “always on” secure management. This supports an IT strategy for the workplace of the future, while delivering the intelligence enterprises need to address potential issues, quickly resolve those issues that arise, and support business continuity and growth.
Would you like to receive every issue of Cisco Services Dynamics magazine? Subscribe now to receive your free magazine hot off the press.
1. IBM, “The Essential CIO Study,” 2012.
2. IDC, “Cisco’s Continuing Services Evolution: Remote Management Services,”
December 2012; doc #238664.