Compliance is not the same thing as security. IT teams must be able to succeed at both. So how do you get there?