Compliance Uncomplicated Episode 12: Transparency and Continuous Compliance Live From Drataverse
by Alexa Ovenshire
The atmosphere at our first-ever Drataverse was already electric, but the milestone moment of bringing our podcast series 'Compliance Uncomplicated' to a live audience for the first time added an extra layer of excitement.
This episode was a captivating exploration of the latest trends at the intersection of security, compliance, and IT. Set against the backdrop of an evolving threat landscape, our expert panelists shed light on some of the most pressing issues in the industry.
Meet Our Moderator and Panelists
The Head of Governance, Risk, and Compliance at Dropbox, Tolga Erbay, moderated the lively panel conversation as well as the subsequent interactive audience Q&A. Tolga steered a thought-provoking discussion tailored to modern security and compliance challenges, joined by four other esteemed panelists:
Jonas Hirshfield, SVP of DevOps, IT & Cyber Security at Class
Alev Viggio, Director of Compliance at Drata
Metin Kortak, CTO at Rhymetec
Omer Cohen, CSO at Descope
Advice for Scaling Security, Risk, and Compliance
As organizations expand, scaling security and compliance effectively without compromising on quality becomes paramount. The panelists shared strategies and emphasized some of the common areas growing organizations should lean into.
1. Nail the Fundamentals
Tolga and the panelists discussed the critical importance of establishing a solid base by mastering the fundamental aspects of security and compliance. As the threat landscape evolves, having a strong foundation becomes pivotal in navigating the challenges effectively. This focus on fundamentals not only provides a robust defense, but it also acts as a springboard for preparing for and adopting advanced security measures.
“Security is hard, but it's really hard if you don't have the breadth of each of the fundamental pillars necessary. Getting that foundational bit across all the elements of security is really key.” —Tolga Erbay, Dropbox
2. Prioritize Frameworks Based on Business Need
For organizations, choosing between frameworks like ISO 27001 and SOC 2 isn't arbitrary—the choice should ensure that compliance efforts are relevant and effective. For scaling purposes, Omer advises organizations to evaluate their market dynamics and business structure before locking onto any particular framework.
“It's about accelerating the business. It's enabling the business. At some point it becomes a business enabler to be compliant at specific frameworks that your customers need.” —Omer Cohen, Descope
If you need somewhere to start, Tolga advised that starting with “the most widely accepted, the most globally known” is usually the easiest way to get your foot in the door.
3. Identify the Weakest Spots in Your Security Program
Recognizing and addressing the weakest areas in one's security program is essential, which makes continuous assessment and feedback loops crucial.
“All of that information is out there. It's really just about getting it on a regular basis. We have to be aware of those vulnerabilities. Subscribing to those newsletters, creating detection systems, or even using systems like Drata can help you.” —Metin Kortak, Rhymetec
Self-Service Security and Transparency With Trust Center
In the world of IT and compliance, transparency is more than just a value—it’s a critical pillar that builds and guides trust on an ongoing basis.
Panelists expressed their excitement for Drata's newly announced Trust Center Essential, a complimentary, built-in, streamlined version of Drata’s Trust Center that is available to all customers. By centralizing security documentation and automating processes, it bridges the communication gap between businesses, prospects, and customers, and eliminates the hassle of repetitive security inquiries—enhancing transparency in both IT and compliance.
“Customers can quickly go to our Trust Center and get access to any information they need. From the compliance side, I appreciate when others do that for us and I like to provide that back to them as well.” —Alev Viggio, Drata
Continuous Compliance: The New Gold Standard
With the landscape of information security and compliance undergoing rapid changes, there's an ever-growing focus on maintaining a constant state of compliance. Continuous compliance tools—like Drata—make it easier for organizations to maintain and demonstrate their commitment to security and compliance standards, which ultimately elevates standards both within your organization and the industry as a whole.
This approach also holds organizations accountable for the trust and transparency they provide to their customers and prospects and ensures ongoing compliance is more than a standard—it's a competitive edge. The aim should always be to surpass the benchmarks, excelling and innovating beyond compliance frameworks alone.
“With continuous compliance, you really have to up your game as an organization. It raises the bar.” —Jonas Hirshfield, Class
Listen to the Episode
For those who couldn't catch us live at Drataverse, this episode is jam-packed with insights. Listen for yourself and hear more wisdom from these industry experts by tuning into this episode on Spotify, Apple Podcasts, Amazon Music, Google Podcasts, and YouTube.
When it comes to security and compliance, transparency remains a key cornerstone of building trust, and continuous compliance is leading the way. Learn more about how our tools can help at Drata’s website.
Want the latest updates on compliance news and insights? Subscribe to Trusted, the Drata newsletter.