Rain is hammering against your office window.
You take a sip of coffee as you scan through your emails.
That’s spam. *delete*
That’s spam. *delete*
That’s sp-… wait a second… what’s this?
An upcoming AUDIT?!?
Could this day get any worse?
Does this scene seem familiar at all?
Although I don’t work in GRC exactly, I have worked alongside it for many years now; certainly close enough to regularly get sucked into its gravitational pull. When I meet new people and tell them what I do for a living, they will sometimes ask “do you like audits?”, as if it’s a vocation or a calling. And the answer is… No. Of course not. Not even auditors “like” audits. They just like things to be done right, and I do too.
But why do we feel this way about audits, even when we know that they’re important? I think there are a couple of reasons.
One is just the natural defensiveness that most people feel when their way of doing things is being evaluated and challenged by somebody else. Nobody likes to be judged and we can all fall into the trap of taking things personally. That’s a trap that can be avoided as long as you’re aware of it, and the more experience you get, the easier it becomes to detach yourself from that mindset.
The second reason why I think audits annoy us (and what I think is the main reason) is that they take up SO. MUCH. TIME.
You start out by reading the scope of the audit. Then you start to prepare, and it’s a scramble to gather the relevant documentation and evidence, constantly chasing people who’ve become suspiciously hard to track down since the audit was announced.
When you finally get hold of them, maybe you find out the documentation isn’t good enough, or worse still, that it doesn’t exist at all. You have to chase people some more, pressuring them, even encouraging them with cake where necessary (that last one sure works for me).
You think you’ve done all you can and then you meet with the auditors and show them all that you’ve prepared… only for them to tell you that it’s still not good enough. You’re thrust back into that cycle of scrambling, and all the while you’re thinking that this is just a distraction from your “real job”.
And finally, in the end, what do the audit results show? It’s nearly always just a case of telling you to do something you already knew you should have done, but you were too busy doing your “real job” to get to it. So, yeah… nobody “likes” audits.
But what if you didn’t need to scramble? What if all the information you needed was ready-to-go, up-to-date and accessible at the click of a button? That’s where Akeero can help — whether your organisation is big, small, or somewhere in-between.
Our platform identifies security and compliance requirements for complex architectures in minutes, and can effortlessly produce all the documentation you need to show an auditor that your team is doing things the right way.
Our intuitive user interface, combined with native integrations, allows your organisation to do this with minimal impact on existing security and development toolsets and processes. We believe that Akeero delivers:
- Secure and compliant architecture designs
- Increased team and resource efficiency
- Reduced security spend and effort
- Increased speed to market for secure products and services
We can’t promise you’ll grow to like audits, but we can definitely take a lot of the pain away, leaving you with more time to concentrate on your “real job”.
Akeero automates product security design and compliance for cloud-native environments, enabling teams to deliver secure apps and networks better, faster.