I was thinking about the push for compliance that we always hear about: “I need to be compliant to XYZ for reason ABC”, where you can fill in things like PCI, so you won’t be liable for a payment breach, or HIPAA, so you won’t be liable for a healthcare data breach.  This sounds great, as no one wants to be liable.  But does being compliant really make you secure?

As I was thinking about this, I remembered a great little video from a few years ago comparing compliance and security.  I think he really hit the nail on the head with his description, and I think we all need to remember that just because you are compliant, it does not mean you are necessarily secure.

While Green Rocket Security wants to assist you in your efforts to be compliant with regulations or standards that impact your organization, we believe that if you are secure, you will be compliant.  Our emphasis is on the security of your organization and how that can enable compliance.