2020 brought a number of major changes to the GRC landscape in the form of adoption of new technologies and significant modifications to data protection requirements. In this article, we explore three of the top concerns for GRC programs in 2021.

1. The Move to the Cloud

Widespread cloud adoption predates the COVID-19 pandemic, but the pandemic accelerated this trend. As remote work becomes commonplace, the use of cloud-based infrastructure to host critical data and applications has grown dramatically. However, while the cloud provides a number of benefits to the business, it also introduces cybersecurity risks and challenges.

One of the biggest challenges of securing the cloud is visibility. Historically, many organizations have had a perimeter-focused security strategy, with network monitoring and security solutions deployed at the network perimeter. This approach no longer works for the cloud, because the network perimeter is no longer an on-prem firewall; it is the Internet.

On top of this lack of network visibility comes a lack of data visibility in the cloud. Enterprises often don’t know what data they have in the cloud, but this doesn’t relieve them of the responsibility for securing it. Companies still need to comply with CMMC, HITRUST, HIPAA, PCI DSS, etc. in their cloud infrastructure and should ensure that their GRC program takes cloud risks and challenges into account.

2. The Cybersecurity Talent Shortage

The cybersecurity industry is experiencing a massive talent shortage. As skilled personnel become difficult and expensive to acquire, reliance on manual processes is an unsustainable strategy.

This means that, when designing and building a GRC program, it is essential to consider whether or not the organization has the talent and resources needed to sustain it. Building a GRC program that will last requires identifying opportunities to leverage technology to optimize processes and amplify the effectiveness of limited skilled personnel. In 2021, organizations should examine their GRC programs to verify that they have the resources they need to succeed and are moving in the right direction.

3. Aligning GRC Strategies With Corporate Culture

The purpose of a GRC program is to manage enterprise risk and compliance and to help the business to achieve its goals. Too much focus on the first at the expense of the second creates a program that is doomed to failure.

GRC is important to any organization, but if it is in conflict with corporate culture and business goals, then GRC will lose. While the organization may have a functional GRC program on paper, it only provides benefit to the company if it is actually carried out.

In 2021, organizations should take a careful look at their GRC programs and at the needs and objectives of the business as a whole. Identifying and amplifying how GRC strategies can help support and achieve other business goals can help ensure that a corporate GRC program is sustainable.

How MorganFranklin Can Help

GRC programs are not “one size fits all”. They need to be tailored to an organization’s unique environment, needs, and corporate culture. MorganFranklin advisors can help to design or update a GRC program to make it more effective and sustainable in 2021.