Integrating Security and Compliance Teams to Curb Modern Risks

Colin Fallwell
Sumo Logic
Learn more about Sumo Logic

As the world's technology rapidly evolved and threats skyrocketed in the cloud, the need for security and compliance teams to come together to protect organizations and their customers has never been more important. Unfortunately, this hasn't happened yet.


In partnership with Enterprise Management Associates (EMA), we polled 204 technology and business leaders in North America from more than ten industry verticals to investigate this theme. The research found that most organizations recognize the importance of managing both compliance and security functions in-house. Nearly 83% of respondents said that a corporate employee was responsible for information security and 88% said that IT audit and compliance functions are also handled internally.

Yet, while most organizations run internal compliance and security teams, their status is not weighted equally. Compliance imperatives typically drive security priorities. However, organizations' combined security and compliance postures will be better served when both teams work together, and budgets and investments should reflect that equal importance.

Key takeaways from the research include:

Security and compliance ownership and budgets are splintered

Security and compliance ownership and budgets are splintered. They often operate with different teams, budgets and investment levels, but they need to work together to better protect the organization's posture instead.

■ 47% said that IT owns the security budget, while 11% noted that compliance is the security budget owner.

■ In the future, 86% of those surveyed plan to make a significant investment in compliance solutions and data privacy, while just over half (52%) will make a significant investment in a security management suite.

Compliance challenges amplified by rapidly growing IT environments

Compliance challenges are amplified by rapidly growing and global IT environments with different regulatory climates.

■ 39% of respondents said having multiple IT environments with different requirements is their primary compliance challenge.

■ 40% of organizations have postponed security projects to address regulatory compliance concerns.

■ 68% believe their regulatory compliance programs are a competitive differentiator.

■ 75% said that they are using existing tools or evaluating new tools to address data privacy.

compliance needs driving cybersecurity priorities

Organizations' compliance needs are driving cybersecurity priorities, causing teams to alter security strategies to align with requirements.

■ 67% said that data privacy regulations like GDPR, CCPA or changing data controls were their biggest compliance challenges.

■ 38% said that data security and privacy was the greatest security challenge in their organization

■ 25% stated that information security projects are dependent on compliance projects

■ 76% said that compliance has completely or significantly shifted their security strategy

Compliance and security teams must work together

Compliance and security teams must work together to best manage a mature and robust program, while maintaining numerous attestations and controls globally.

■ 89% indicated that the priorities of the security and compliance teams were aligned.

■ 85% stated that the security tools used adequately address compliance considerations.

■ 59% indicated that data privacy regulations have impacted their approach to security.

Integrated Security and Compliance Solutions

This survey also signaled the growing demand for integrated security and compliance solutions that increase visibility while mitigating emerging threats and privacy regulations. When organizations prioritize DevSecOps, they can better maintain compliance, especially as they are expected to comply with multiple standards, including PCI, HIPAA, PII, SOC and GDPR, in highly regulated industries.

It is undeniable that all organizations will benefit from incorporating a security-centric culture and fostering better collaboration between security and compliance teams. Organizations must adopt solutions that provide real-time monitoring for continuous compliance and help maintain system security.

Colin Fallwell is Field CTO of Sumo Logic

Related Links

Hot Topics

Related Vendors

The Latest

Manufacturing Organizations Doubled AI Investment Yet Only 37% Fully Prepared to Operationalize AI

While 87% of manufacturing leaders and technical specialists report that ROI from their AIOps initiatives has met or exceeded expectations, only 37% say they are fully prepared to operationalize AI at scale, according to The Future of IT Operations in the AI Era, a report from Riverbed ...

Optimizing Decisions with Edge-First Cognitive Intelligence

Many organizations rely on cloud-first architectures to aggregate, analyze, and act on their operational data ... However, not all environments are conducive to cloud-first architectures ... There are limitations to cloud-first architectures that render them ineffective in mission-critical situations where responsiveness, cost control, and data sovereignty are non-negotiable; these limitations include ...

The New Perimeter Is the User: Why Identity Is the Real Network Edge

For years, cybersecurity was built around a simple assumption: protect the physical network and trust everything inside it. That model made sense when employees worked in offices, applications lived in data centers, and devices rarely left the building. Today's reality is fluid: people work from everywhere, applications run across multiple clouds, and AI-driven agents are beginning to act on behalf of users. But while the old perimeter dissolved, a new one quietly emerged ...

When AI Infrastructure Stops Behaving Like Infrastructure

For years, infrastructure teams have treated compute as a relatively stable input. Capacity was provisioned, costs were forecasted, and performance expectations were set based on the assumption that identical resources behaved identically. That mental model is starting to break down. AI infrastructure is no longer behaving like static cloud capacity. It is increasingly behaving like a market ...

Enterprise Resilience: Understanding the Shift from Static to Dynamic

Resilience can no longer be defined by how quickly an organization recovers from an incident or disruption. The effectiveness of any resilience strategy is dependent on its ability to anticipate change, operate under continuous stress, and adapt confidently amid uncertainty ...

Mobile Users Expect Perfection in 2026

Mobile users are less tolerant of app instability than ever before. According to a new report from Luciq, No Margin for Error: What Mobile Users Expect and What Mobile Leaders Must Deliver in 2026, even minor performance issues now result in immediate abandonment, lost purchases, and long-term brand impact ...

AI Confidence Is High. Readiness Is Not. What the Data Tells Us - and Why It Matters

Artificial intelligence (AI) has become the dominant force shaping enterprise data strategies. Boards expect progress. Executives expect returns. And data leaders are under pressure to prove that their organizations are "AI-ready" ...

Agentic AI, Realistic Expectations and the Future of IT Operations in 2026

Agentic AI is a major buzzword for 2026. Many tech companies are making bold promises about this technology, but many aren't grounded in reality, at least not yet. This coming year will likely be shaped by reality checks for IT teams, and progress will only come from a focus on strong foundations and disciplined execution ...

Trust, But Verify: Building Confidence in AI Through Human Oversight

AI systems are still prone to hallucinations and misjudgments ... To build the trust needed for adoption, AI must be paired with human-in-the-loop (HITL) oversight, or checkpoints where humans verify, guide, and decide what actions are taken. The balance between autonomy and accountability is what will allow AI to deliver on its promise without sacrificing human trust ...

Data Centers Plan to Reduce Reliance on Grid

More data center leaders are reducing their reliance on utility grids by investing in onsite power for rapidly scaling data centers, according to the Data Center Power Report from Bloom Energy ...

Integrating Security and Compliance Teams to Curb Modern Risks

Colin Fallwell
Sumo Logic
Learn more about Sumo Logic

As the world's technology rapidly evolved and threats skyrocketed in the cloud, the need for security and compliance teams to come together to protect organizations and their customers has never been more important. Unfortunately, this hasn't happened yet.


In partnership with Enterprise Management Associates (EMA), we polled 204 technology and business leaders in North America from more than ten industry verticals to investigate this theme. The research found that most organizations recognize the importance of managing both compliance and security functions in-house. Nearly 83% of respondents said that a corporate employee was responsible for information security and 88% said that IT audit and compliance functions are also handled internally.

Yet, while most organizations run internal compliance and security teams, their status is not weighted equally. Compliance imperatives typically drive security priorities. However, organizations' combined security and compliance postures will be better served when both teams work together, and budgets and investments should reflect that equal importance.

Key takeaways from the research include:

Security and compliance ownership and budgets are splintered

Security and compliance ownership and budgets are splintered. They often operate with different teams, budgets and investment levels, but they need to work together to better protect the organization's posture instead.

■ 47% said that IT owns the security budget, while 11% noted that compliance is the security budget owner.

■ In the future, 86% of those surveyed plan to make a significant investment in compliance solutions and data privacy, while just over half (52%) will make a significant investment in a security management suite.

Compliance challenges amplified by rapidly growing IT environments

Compliance challenges are amplified by rapidly growing and global IT environments with different regulatory climates.

■ 39% of respondents said having multiple IT environments with different requirements is their primary compliance challenge.

■ 40% of organizations have postponed security projects to address regulatory compliance concerns.

■ 68% believe their regulatory compliance programs are a competitive differentiator.

■ 75% said that they are using existing tools or evaluating new tools to address data privacy.

compliance needs driving cybersecurity priorities

Organizations' compliance needs are driving cybersecurity priorities, causing teams to alter security strategies to align with requirements.

■ 67% said that data privacy regulations like GDPR, CCPA or changing data controls were their biggest compliance challenges.

■ 38% said that data security and privacy was the greatest security challenge in their organization

■ 25% stated that information security projects are dependent on compliance projects

■ 76% said that compliance has completely or significantly shifted their security strategy

Compliance and security teams must work together

Compliance and security teams must work together to best manage a mature and robust program, while maintaining numerous attestations and controls globally.

■ 89% indicated that the priorities of the security and compliance teams were aligned.

■ 85% stated that the security tools used adequately address compliance considerations.

■ 59% indicated that data privacy regulations have impacted their approach to security.

Integrated Security and Compliance Solutions

This survey also signaled the growing demand for integrated security and compliance solutions that increase visibility while mitigating emerging threats and privacy regulations. When organizations prioritize DevSecOps, they can better maintain compliance, especially as they are expected to comply with multiple standards, including PCI, HIPAA, PII, SOC and GDPR, in highly regulated industries.

It is undeniable that all organizations will benefit from incorporating a security-centric culture and fostering better collaboration between security and compliance teams. Organizations must adopt solutions that provide real-time monitoring for continuous compliance and help maintain system security.

Colin Fallwell is Field CTO of Sumo Logic

Related Links

Hot Topics

Related Vendors

The Latest

Manufacturing Organizations Doubled AI Investment Yet Only 37% Fully Prepared to Operationalize AI

While 87% of manufacturing leaders and technical specialists report that ROI from their AIOps initiatives has met or exceeded expectations, only 37% say they are fully prepared to operationalize AI at scale, according to The Future of IT Operations in the AI Era, a report from Riverbed ...

Optimizing Decisions with Edge-First Cognitive Intelligence

Many organizations rely on cloud-first architectures to aggregate, analyze, and act on their operational data ... However, not all environments are conducive to cloud-first architectures ... There are limitations to cloud-first architectures that render them ineffective in mission-critical situations where responsiveness, cost control, and data sovereignty are non-negotiable; these limitations include ...

The New Perimeter Is the User: Why Identity Is the Real Network Edge

For years, cybersecurity was built around a simple assumption: protect the physical network and trust everything inside it. That model made sense when employees worked in offices, applications lived in data centers, and devices rarely left the building. Today's reality is fluid: people work from everywhere, applications run across multiple clouds, and AI-driven agents are beginning to act on behalf of users. But while the old perimeter dissolved, a new one quietly emerged ...

When AI Infrastructure Stops Behaving Like Infrastructure

For years, infrastructure teams have treated compute as a relatively stable input. Capacity was provisioned, costs were forecasted, and performance expectations were set based on the assumption that identical resources behaved identically. That mental model is starting to break down. AI infrastructure is no longer behaving like static cloud capacity. It is increasingly behaving like a market ...

Enterprise Resilience: Understanding the Shift from Static to Dynamic

Resilience can no longer be defined by how quickly an organization recovers from an incident or disruption. The effectiveness of any resilience strategy is dependent on its ability to anticipate change, operate under continuous stress, and adapt confidently amid uncertainty ...

Mobile Users Expect Perfection in 2026

Mobile users are less tolerant of app instability than ever before. According to a new report from Luciq, No Margin for Error: What Mobile Users Expect and What Mobile Leaders Must Deliver in 2026, even minor performance issues now result in immediate abandonment, lost purchases, and long-term brand impact ...

AI Confidence Is High. Readiness Is Not. What the Data Tells Us - and Why It Matters

Artificial intelligence (AI) has become the dominant force shaping enterprise data strategies. Boards expect progress. Executives expect returns. And data leaders are under pressure to prove that their organizations are "AI-ready" ...

Agentic AI, Realistic Expectations and the Future of IT Operations in 2026

Agentic AI is a major buzzword for 2026. Many tech companies are making bold promises about this technology, but many aren't grounded in reality, at least not yet. This coming year will likely be shaped by reality checks for IT teams, and progress will only come from a focus on strong foundations and disciplined execution ...

Trust, But Verify: Building Confidence in AI Through Human Oversight

AI systems are still prone to hallucinations and misjudgments ... To build the trust needed for adoption, AI must be paired with human-in-the-loop (HITL) oversight, or checkpoints where humans verify, guide, and decide what actions are taken. The balance between autonomy and accountability is what will allow AI to deliver on its promise without sacrificing human trust ...

Data Centers Plan to Reduce Reliance on Grid

More data center leaders are reducing their reliance on utility grids by investing in onsite power for rapidly scaling data centers, according to the Data Center Power Report from Bloom Energy ...