Artificial intelligence and boundary loss will dominate the compliance landscape in 2024

Given the rapid changes in the regulatory compliance landscape, businesses will need to adapt to new challenges and circumstances in the coming year.

SC Media spoke with leading vendors in the industry who agreed that the compliance landscape is much the same as it was a few years ago, and that implementing new technologies and policies will require management to change their approach.

The full list of SC Awards 2024 winners can be viewed here.

Artificial Intelligence in the Spotlight

Artificial intelligence has permeated every aspect of the technology sector, and AI is no exception.

Vendors believe that as companies face tougher compliance requirements for more code and applications, AI could become an option. In such cases, automated systems could be used to sift through code and alert developers and administrators to possible vulnerabilities or data exposures.

Travis Howerton, co-founder and CEO of RegScale, winner of the 2024 SC Awards for Best Compliance Solution, told SC Media that he sees AI as a sort of assistant for those looking to stay compliant.

“They can make better risk-based decisions and take action,” Howerton explained. “Spend more time analyzing what the data is telling you and reduce risk in your organization.”

Emily Schwenke, director of archival product marketing at Mimecast, a 2024 SC Awards finalist for Best Secure Messaging Solution, told SC Media that as companies implement AI, there will be additional considerations and factors to consider.

“Data management and compliance are becoming increasingly difficult,” Schwenke explained.

“Humans are using AI, but we need to be careful about how we use it and what we reveal.”

Vendors expect that their customers will look for AI-powered features and options in compliance solutions in the future.

More regulations, stricter regulations

One concern that has come up for providers has been the growing number of international regulations regarding the processing and transportation of personal data. Not only do regulations like GDPR and FedRamp introduce new requirements for companies, but they also carry the potential for significant fines.

“We’re seeing real effectiveness from the regulations,” Howerton said.

“They understood that the carrot doesn’t work, but the stick does.”

Criminal laws are a new phenomenon in the market, Howerton said. While companies have had to consider the laws before, the consequences of running afoul of data regulations were more of a secondary concern.

However, the penalties and consequences of improper storage and transmission of confidential data can be much more severe and more burdensome for businesses.

Not only are regulations being enforced more rigorously, but there are also more of them.

In Europe, the Digital Operational Resources Act (DORA) will soon join GDPR, regulating how data is stored and transported. In the US, meanwhile, the FedRamp Act will move from guidance to binding law.

The fact that these laws apply only to particular continents is irrelevant given the increasingly global nature of software and data management.

Howerton noted that a U.S.-based company could still be part of a supply chain operating in Europe, making it just as liable for violations of these regulations as a European-based company, and vice versa.

“This creates a bloating effect,” Howerton noted, “making it seem like the scope never ends.”

But it’s not all bleak. Schwenke noted that in some cases, data protection restrictions have actually been relaxed. By leaving the EU, the UK in particular has become a much less sinister place for companies when it comes to data protection and compliance.

People assumed that data sovereignty regulations would be more important, but that didn’t happen,” Schwenke said.

“Nothing has tightened – controls have simply been loosened in the UK.”

Looking Ahead: More Platforms, More Demands

Looking ahead to the coming months and years, experts predict significant changes in the compliance space.

Schwenke said her company will focus on regulatory compliance on new platforms.

“The biggest issue is the data sources,” Schwenke said, explaining that with so many communication platforms and devices in use, managing data beyond email will become a priority for companies.

Howerton, on the other hand, believes that companies need to rise to the challenge of a rapidly evolving environment and the challenges that come with it.

“Most people use old tools to help them deal with these problems,” he said.

“The problem is that the modern world is breaking everything, and the tools are not designed for this environment.”

Discover more of the top cybersecurity trends for 2024 and 2025