Compliance pressures often push companies to make security improvements they wouldn't have tackled otherwise. More budget goes toward technology needed to protect customer data. New policies are created to rein in what employees do online with company machines. But there's a dark side to this story.
In the mad rush to comply -- whether the stick takes the shape of PCI DSS or the Red Flags Rule -- companies sometimes make decisions that weaken their security. Poorly chosen and deployed IT security technology is perhaps the best example; for more on that, see " How to Make Things Worse With IT Security Technology.

The link for this article located at Network World is no longer available.