In 2023, viewing compliance as a business differentiator has transformed how companies approach growth and security in new markets.

Coalfire, a tech-enabled services company, focuses on compliance, regulations and cybersecurity programs for mostly large enterprise customers. Scaling security and compliance efforts is not feasible with just people and manual processes, technology is necessary to keep up with the growing attack surface and regulations, according to Tom McAndrew (pictured), chief executive officer of Coalfire.

Coalfire Systems’ CEO, Tom McAndrew, talks to theCUBE about compliance as business differentiator.

“I’m spending a lot of time with boards and executives that are trying to grapple with cloud migration, generative AI and some of the new SEC disclosure laws and saying, what should we be doing at the executive level as we think of cybersecurity,” he asked.

McAndrew spoke with theCUBE Research’s Dave Vellante and Shelly Kramer at the RSA Conference, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how technology is essential for scaling security and compliance efforts. (* Disclosure below.)

How compliance drives business growth and security

Breaches and ransomware attacks are prompting questions about the root cause and whether negligence or lack of investment in cybersecurity tools and personnel is to blame. It’s important for organizations to find the right balance in disclosing breaches and managing cybersecurity, as the consequences of underestimating the impact can be significant, McAndrew explained.

“The lessons learned for folks is being very careful about what’s in that 10-K and public statement,” he said. “For those of us that are private that don’t have to live with the SEC laws, department of Homeland Security has a draft notice too, that would require similar reporting on breaches for all companies. That is a new trend that once you have to say what you’re doing proactively, that’s a challenge.”

Coalfire is addressing cybersecurity challenges for large organizations by integrating solutions, consolidating vendors, navigating AWS and securing funding for cloud services, McAndrew stated.

“Most organizations are not built to fight nation-state attacks. And even if you are, what’s going to happen,” he asked. “Our national security policy is to take the work away from smaller organizations and push the burden on the larger providers. What happens when those larger providers fail? That’s the challenge that we’re trying to work with today.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE Research’s coverage of the RSA Conference:

(* Disclosure: TheCUBE is a paid media partner for the RSA Conference. Neither RSA Conference LLC, the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE