What are the top priorities for infosec professionals as they work to integrate automation into their compliance programs? Mary Krzoska (Senior Market Advisor, AuditBoard) moderates an insightful discussion between Evan Childs (Director of InfoSec Risk Management, Activision) and Clara Howley (Senior Technical Compliance Analyst, The Trade Desk) that covers:
- The biggest challenges associated with incorporating automation into your compliance program.
- Actionable advice to overcome these challenges.
- Enabling teams to ensure buy-in and that everyone’s on the same page.
Watch the full conversation, and read the can’t-miss highlights below.
What are some of the biggest challenges that you are facing or have faced when you begin to incorporate automation into your compliance program?
Evan Childs, Activision: It involves understanding what your business is and where your business is going. To get buy-in and support for automation, you need a clear vision of how you’re going to use it. Of course, that comes with challenges – how do you continue to support all your activities and business operations, while building out an automated function for your compliance program? It’s crucial to not fall back on manual processes because they are familiar. Instead, take small steps to identify areas you can automate. Find your quick wins. Don’t boil the ocean overnight.
Clara Howley, The Trade Desk: Also, leadership support is incredibly important. If you have that support behind you, you can win the hearts and minds of all the people who will benefit from automation at the end of the day.
How can we start to overcome our challenges? Where do you begin?
Clara Howley, The Trade Desk: I would suggest having a quick win. What’s an easy win that you can automate? You can leverage this win to establish the value of automation. After that, ask yourself what the most manually intensive control is that would provide the most benefit to automate. Think through what matters most to you and your compliance program.
Evan Childs, Activision: Something you need to do in any compliance program is establish where your skeletons are. How are you performing? What’s the good, the bad, and the ugly? You need transparency with that. I’ve seen people try to paint a prettier picture because they’re worried leadership will question why things aren’t where they need to be. But to get leadership buy-in, you need transparency of where your baseline is.
Clara Howley, The Trade Desk: It’s a lot of trial and error. As you progress, you are going to find out what works and what doesn’t. It’s going to be a continuous process. You’ll continue to grow as the business grows. As far as leadership buy-in and the initial price tag associated with automation and compliance, it’s going to be more expensive upfront. But it will save manual effort down the road, and save potential issue deviations in the future. It may seem like a tough sell because of the price tag, but down the road, it’s really going to pay major dividends.
How can we enable our teams? How do we get buy-in and ensure that all team members are on board with the plan?
Evan Childs, Activision: You have to identify the stakeholders that consume, identify, and use the data. Then, take a small subsection and ask for their input on rolling out your compliance program. Find a targeted group and take them through the process with you. That way, they have a voice in the improvements and maturity of your automation process. To continue that narrative, this is when you bring it up to leadership and your stakeholders. Show your work through dashboards. I use dashboards every single day for compliance – to demonstrate how well I’m doing versus where we actually need to be as an organization.
Clara Howley, The Trade Desk: Automation really allows you to have so much data that helps you monitor your processes, improve them, and just know where everything is and where you want to go. Once people get used to automation in a few areas, they might even be asking for more automation in other areas and it will just continue on.
Evan Childs, Activision: You have to get uncomfortable to get comfortable. That being said, don’t stop what you’re doing today with all your manual aspects. Start slow – identify four or five small tasks that are done manually, and see how far you can go. Even small steps reduce the risk of human error. It’s iterative, it’s continuous. It’s crucial to constantly tweak your approach and make adjustments for use within your organization.