Is your organization GDPR compliant?
Febuary 22, 2018 | compliance, Audit
The compliance landscape with regard to data security is getting more and more stringent. Come May 2018, the General Data Protection Regulation (GDPR) comes into an effect. The regulation would make it mandatory for organizations-- doesn’t matter large or small-- to protect, store and process data of EU citizens in a secure manner. The regulation will also be applicable to non- EU based organizations that process personal information of EU citizens. Failure to comply with several laws of GDPR that seek to address “Access Controls” “Data Processing” “Data storage” “Data Protection” and “Audit & Reporting” issues would lead to stiff financial penalties.
Organizations will need to take measure of their preparedness as to information security. Essentially, data holders will need to ensure implementation of all the information security basics.
Educating workforce: Often data breach incidents take place due to unsuspecting staff clicking to malicious links, URLs, downloading malicious software (malwares). The growing culture of bring-your-own-device (BYOD) proliferates the data extrusion threats. Unambiguous corporate policy on Information Security coupled with workforce training should go a long way in protecting organizations critical information assets from being compromised by fraud emails, suspicious websites, malicious links and malwares.
Network security: Security Operation Centers (SOC) will need to strengthen security around data centers. Advanced cyber attacks are preventable if not stoppable if an organization has impregnable shield surrounding the outer periphery of IT systems. Advanced network security tools such as SIEM, Intrusion Detection and Prevention Management would help in a real-time network traffic analytics and keep malicious traffic at bay.
Safeguarding the Internal realm: Last but not the least, identity and access control management will require a closer look. Organizations will need to redraw rules around who is accessing what from where and when. With typical mid-scale enterprise managing 500-1000 privileged accounts, managing and monitoring privileged sessions becomes an uphill task. Most data breach incidents stem from misuse of privileged identities. Ensuring security of data assets by deploying automated tools such as Privileged Access Management will protect an enterprise’s internal realm from compromised insiders or malicious third party vendors that are privy to sensitive information. The solution not only provides an added layer of security around privileged accounts but its risk predictive technology also allows to keep a check on suspicious user behavior.
ARCON provides state-of-the-art technology aimed at mitigating information systems related risks. The company’s Privileged Access Management (PAM) / Privileged Identity Management (PIM) solution enables blocking unauthorized access to ‘privileged access’, while its Secure Configuration Management solution helps to comply with Governance, Risks, and Compliance (GRC) requirements .