Is your enterprise security compliant?
July 12, 2018 | Compliance, Data Policy
With mandatory GDPR (General Data Protection Regulation) and PCI DSS (Payment Card Industry Data Security Standard) compliance requirements now in force to protect personal data and digital assets, any kind of non-compliance could cost companies dearly.
GDPR compliance, already effective from May 2018, has raised concerns among organizations and expectations of the security department. The primary objective of GDPR is to protect all citizens from privacy theft and data breaches in this data-driven world. Many changes have been made to the regulatory policies, and the key GDPR standards have had a large impact on business enterprises of late.
GDPR is arguably the biggest revolution in the regulatory landscape of data privacy, and its extended jurisdiction applies to each and every organization irrespective of geographical location. It has been made very clear that GDPR applies to the transactions or processing of personal or enterprise data. Any breach of GDPR can be fined up to 4% of global turnover or €20 Million (whichever is greater) per year. Serious infringements, such as violating core privacy requirements or ignoring adequate customer consent, can also force the company to face penalties. GDPR has toughened the conditions for consent too: companies will have to obtain valid customer consent in an easily accessible form, using clear and plain language, in order to process data smoothly.
GDPR further demands reinforced security controls in an already strong compliance landscape that includes regulations such as PCI DSS and HIPAA. Under PCI DSS, the CDE (Cardholder Data Environment) should be monitored and maintained by administrators using multiple authentication factors. PCI DSS also requires periodic reports from critical security control systems, mostly to detect and monitor suspicious activities. The importance of HIPAA (Health Insurance Portability and Accountability Act) compliance, on the other hand, lies with computerized physician order entry (CPOE) systems, electronic health records (EHR), and radiology, pharmacy, and laboratory systems.
At this critical juncture, highly robust access management and security control systems can keep every possible breach worry at bay. Most of the time, organizations tend to ignore, or pay meagre attention to, the number of privileged identities existing in the IT ecosystem; hence those accounts become vulnerable to malicious misuse. It becomes extremely challenging for IT managers to continuously monitor those accounts, especially when they are shared and rotated among multiple people. Thus, in today's IT environment, the stringent GDPR regulation, alongside the already effective SWIFT, PCI DSS, HIPAA and other regulations, stands ready with hefty penalties if dishonoured. Only enterprise-level Privileged Access Management (PAM) can relieve organizations of the fear of losing their data and other critical assets.
ARCON is a leading enterprise risk control solutions provider, specializing in risk-predictive technologies. ARCON | User Behaviour Analytics enables monitoring of end-user activities in real time. ARCON | Privileged Access Management reinforces access control and mitigates data breach threats. ARCON | Secure Compliance Management is a vulnerability assessment tool.