Still Playing Whack-A-Mole With Cloud Compliance? How to Simplify With Microsoft

It’s a challenging landscape out there in the world of compliance. Regulatory changes, data privacy concerns and evolving trends like the hybrid workplace are requiring companies to increase their focus on compliance, in all forms. Huge fines and potential brand damage from data breaches or the discovery of non-compliance by regulators can be crippling. Yet we see organizations continuing to struggle with how to deal with these compliance challenges most effectively.

We have traditionally seen a lack of rigor around how organizations protect their data and, as we close out 2021, there is still more work to be done. Businesses often turn to technology to help maintain compliance, hoping to move away from living in a state of reaction, always trying to respond to the next issue. Additionally, we see a lack of collaboration across organizations as internal teams continue to silo their risk management awareness. Compliance and privacy teams may know the regulations but are not experts in IT solutions to meet the evolving requirements. It can be a constant game of whack-a-mole trying to keep up with regulatory changes. But the good news is, if risk is managed well within an organization, compliance is a natural outcome.

How Microsoft Compliance Manager can help manage compliance in the cloud

In a recent webinar, we asked our audience how they are currently tracking their company’s compliance posture. While over half are using a third-party tool or an outsourced provider, a third are still using spreadsheets to track this critical objective, while seven percent were not tracking at all. This helps illustrate a point we strongly believe: the time is right to move to a single tool, which can easily be managed in-house to maintain security, data and regulatory compliance. Organizations invest a considerable amount of money moving to the cloud. We want to make sure that each client we work with is using the right tools to get the return on investment expected.

Enter Microsoft Compliance Manager. Compliance Manager is a Microsoft platform that helps organizations meet complex regulatory compliance obligations, including ISO 27001, ISO 27018, CCPA, GDPR, Gramm-Leach-Bliley, HIPAA, NIST 800-53, PCI-DSS, PIPEDA, Sarbanes-Oxley and others. In addition to out-of-the-box functionality, our solutions use the extensibility of Microsoft Compliance Manager to enable input and compliance monitoring of non-Microsoft assets, such as custom End User Developed Applications (EUDAs), for a full view of the client environment.

Most organizations already have basic Microsoft tools in place, but even those that do not will find that adding this security suite of products provides enhanced visibility into the security, risk, data privacy and ongoing compliance landscape of any organization. The solution offers intuitive management, scalable assessments and built-in automation that allows companies to quickly ramp up and continually track progress as their compliance journey evolves and grows.

Shared responsibility model


During that recent webinar, we also asked the audience which technology risk areas their organization needs visibility into. It was not surprising to see that they ranked these areas almost equally:

  • Cloud adoption and usage
  • Data protection
  • Third-party risk management
  • Privacy regulations

Taking the first steps can be daunting and as a result, we often hear clients ask: where do we start? Yes, the landscape of Microsoft compliance tools is vast and knowing where to start can be a challenge. Microsoft Compliance Manager provides a place to start the compliance journey.

We encourage our clients to build a risk and compliance culture of trust, where all compliance teams are connected, share insights and partner with business leaders to design effective standards and controls to prevent, detect and remediate compliance issues. Microsoft Compliance Manager supports and simplifies that effort.

This shared responsibility model is highlighted within Compliance Manager, so that auditors can easily see how the organization ensures it has the right level of controls. Compliance Manager also provides extensibility so that companies can:

  • Create or extend premium templates to assess a wide variety of assets and/or systems
  • Customize compliance requirements
  • Track organization-specific control sets such as Sarbanes-Oxley, IT general controls, etc.

Next steps in the compliance journey

It’s true that compliance is more complex than ever before and is likely to continue on that trajectory for years to come. At Protiviti, our mission is to help clients not only succeed with their compliance efforts, but to excel. We are excited about the technology Microsoft Compliance Manager offers to help organizations deliver the right processes and people dedicated to minimizing risk and becoming the gold standard in compliance efforts.

Interested in learning more about how Compliance Manager can help solve risk and compliance challenges? Consider a compliance quick-start session, which will provide recommendations for deployment.

To learn more about our Microsoft compliance solutions, contact us.

Antonio Maio

Managing Director
Software Services

Jez Haisman

Technology Consulting - Protiviti UK

Jonathan Trillos

Associate Director
Security and Privacy
