
Volume 338, Issue 4 · IT Vendor News · Rapid7

Experts on Experts: Why Compliance is becoming Continuous

Rapid7, Thursday, May 28th, 2026

Compliance is shifting from point-in-time exercises to continuous processes as frameworks like NIS2 and DORA demand ongoing accountability.

Rapid7's Director of Trust, Risk, and Compliance Sergio Alonso discusses how compliance practices are fundamentally changing in response to evolving regulatory frameworks like NIS2 and DORA that emphasize continuous resilience and accountability.

The conversation highlights a significant gap between the operational data security teams generate daily and the evidence required by regulators and auditors, with organizations struggling to automate manual compliance reporting efforts.

A key insight is that organizations that traditionally treated compliance as separate from security operations are making the most progress by integrating the two functions, viewing compliance as part of the operational workflow rather than merely a reporting layer.

As cloud environments and faster release cycles create challenges in proving consistent control effectiveness over time, the focus is shifting toward reducing manual effort, improving visibility, and establishing clear ownership across compliance and security domains.
