4 Tech Trends That Will Impact Risk and Compliance Efforts in 2014


Once business organizations reach a certain size, their leaders have to start thinking systematically about how to structure reporting relationships to ensure vital information reaches the top; how to identify and account for the internal and external risks that could hobble the company; and how to ensure the organization is complying with a skein of local, state, and federal laws and regulations. This area of “governance, risk, and compliance” or GRC is the one that my company, MetricStream, helps people with. And like every executive, I try to stay aware of the trends affecting my industry.

Many of the larger trends that dominated the tech news in 2013—including social media, big data, mobility, and the cloud—promise to affect risk and compliance efforts in specific ways in the coming year. Organizations have realized the business benefits of these technologies, and will now look for effective ways of managing the associated risks and regulations. In that context, here are four key technology trends that will shape risk and compliance efforts in 2014:

Social Media Strategies Will Place Greater Emphasis on Risk Monitoring

Social media is fast gaining acceptance as a formal channel of business communication. Even the SEC has ruled that social media can be used to disclose key company information in compliance with Regulation Fair Disclosure (FD).

LinkedIn, YouTube, Google+, Pinterest, Tumblr…all these social media sites have opened up exciting ways of connecting with customers. And with Facebook and Twitter going public, there might be new paid opportunities for businesses to market themselves via social networks.

However, a series of hacker attacks this year on the Twitter accounts of prestigious news sources such as The Guardian and the Associated Press revealed how social media can be an organization’s weakest point of defense, posing risks to information security, reputation, legal/compliance, and a number of other business areas.

Responding to these risks, the Financial Industry Regulatory Authority (FINRA), the Federal Financial Institutions Examination Council (FFIEC), and the Federal Trade Commission (FTC) have begun issuing multiple social media guidelines.

Therefore, in 2014, companies are likely to broaden their social media focus beyond marketing/communications, to include real-time risk monitoring and compliance. It will become increasingly important to use advanced social media analytics to filter through online conversations, and detect risks and non-compliance incidents.

The Bring-Your-Own-Device (BYOD) Tug-of-War Will Intensify

A 2013 Cisco survey predicted that the number of BYOD devices in U.S. workplaces will reach 108 million by 2016. This increasing adoption of BYOD means better efficiency and cost savings for companies, and more work-life flexibility for employees.

But what if a personal device with confidential business information gets stolen, or a user-installed app on the device is compromised by malware, and the security and confidentiality of business data is put at risk?

In 2014, we are likely to see a greater tension between the need to protect corporate data, and the demand for BYOD flexibility; between management oversight of BYOD activities, and employees’ privacy rights.

At some point, we will have to strike a balance by defining what is acceptable and unacceptable in BYOD; implementing mature policies and best practices; and addressing questions such as: Can companies enforce restrictions for personal devices? What levels of support should corporate IT departments provide for these devices? Should organizations be authorized to wipe the devices clean of data if they are stolen?

Big Data Will Be Used to Drive Risk Decision-Making

In 2013, the buzz around big data prompted companies worldwide to start developing tools and processes that could analyze massive volumes of enterprise data, and transform it into meaningful insights. Pilot programs were launched, and data sources identified.

In 2014, we are likely to see the fruits of that labor. Big data will now be used to drive risk-informed decision-making. Organizations will leverage advanced big data analytics to filter through enterprise data, identify patterns of potential risk, and develop risk predictions and forecasts. Big data tools will be accessible not only to statisticians and engineers but also to regular business users and management teams.

Big data will be especially beneficial to information security and IT risk management. It will offer us the chance to aggregate and correlate data from a variety of sources—including vulnerability scanners, fraud detectors, identity access management systems, and threat advisory feeds—in order to derive meaningful risk and threat intelligence that can, in turn, be used to detect and predict advanced attacks.

Internet Security Will Witness New Innovations

The proliferation of Internet-based applications, anytime-anywhere connectivity, mobility, unlimited data storage capacity, and of course, advanced cloud computing models has allowed businesses to manage almost all their activities and data online.

In the process, cybersecurity risks and issues have become more troubling than ever. No organization is safe from these threats, which are growing increasingly sophisticated and complex, and entering through multiple access points in corporate data and systems. The 2013 Symantec Internet Security Threat Report revealed that last year alone, there was a 42 percent increase in targeted attacks.

But the actual situation on the ground may be far more dangerous than reported – 57 percent of malware analysts say that their organizations have not disclosed data breaches, according to a blind survey conducted by ThreatTrack Security.

Faced with these risks, organizations are likely to step up their cybersecurity efforts in 2014 by monitoring their Internet activities more closely, strengthening cybersecurity controls, and streamlining security processes. We might also see more collaboration with peers and experts in the field, and a greater focus on investing skills and resources in developing new cybersecurity innovations.


I’m excited to see what the year 2014 holds in terms of new technology opportunities. As always, the companies that strike a good balance between these opportunities and the associated risks will be the ones to succeed. On that note, I wish you and your business a successful and profitable year ahead.

Shellye Archambeau is CEO of MetricStream, a Palo Alto, CA-based company offering governance, risk, compliance, and quality management solutions to enterprises in the pharmaceutical, medical device, high tech manufacturing, energy, financial services, healthcare, manufacturing, food and beverage, and automotive industries.
