ComplianceSecOps: Modernizing Compliance




Corporations are incurring billions of dollars in accounting-book-of-records (ABOR), software, and lost productivity costs every year to meet their regulatory burdens. Kyndryl’s Compliance Security and Operations (ComplianceSecOps) managed services offering provides continuous security, compliance, fraud, and risk management through autodiscovery, monitoring, testing, alerting, and remediation support. Harish Grama, global cloud practice leader at Kyndryl, offers his insights into Kyndryl’s solution.

Q1: How has digital transformation impacted the compliance challenge?

The short answer is, it’s making things very complicated, with growing complexity from hybrid cloud growth, evolving regulations, and the variety of new technologies and IT environments in use. Today “the world” is the data center, and that requires a multilevel approach to risk mitigation relative to compliance and security. Organizations must be able to dissect application workloads and look at their behavior to make sure, when they send data across a network, that they have microsegmentation and a least-privilege model — or zero trust — enabled.

Q2: What is ComplianceSecOps, and how is it going to address compliance problems?

ComplianceSecOps is short for compliance security operations. It’s a managed services offering that ensures an integrated view into security and compliance, from development through operations. Most organizations rely on a preponderance of point solution tools and manual processes to gain insight into security and compliance concerns, and that’s not working. We bring together people, processes, and technology to advise, implement, and manage our clients’ transformations. ComplianceSecOps encompasses an organization’s cloud security posture, uses an application-workload-centric zero-trust-model approach for microsegmentation, incorporates a cloud-native application protection platform, and ties all data from this into an easy-to-consume governance format.

Q3: Why should businesses look to Kyndryl for help in this area?

We have tens of thousands of people delivering services every day to about 4,000 clients. Our focus is to decrease the cost of compliance and minimize the scope and potential costs of not being compliant. We take the most common use cases for clients and map them to a maturity model that illustrates where they are in that model, where they want to go, and the necessary steps to get there. We’ve already created the necessary work packages to do so.

Q4: How will Kyndryl engage with customers to implement ComplianceSecOps?

We have an agile process and can start delivering value within days. It’s not the typical big-consulting-group approach that takes two years to have an impact and in the interim everything has changed. We have a very flexible model for engagement and can deliver immediate business outcomes. We work with clients right away to discover and remediate noncompliance, providing clients with quick wins, and once we get the client into a good compliance state, we can provide the ongoing monitoring and remediation to keep them in that state. We typically see no disruption, because we run in parallel to our client’s environment, so we don’t use agents and never pull client data out of their environment.
