The EU General Data Protection Regulation (GDPR) came into force in May 2018, affecting all organizations based in, or doing business with, countries in the EU. The GDPR’s primary focus is to protect personal information. This includes the obvious – names, contact details and financial information – but also some elements you may not have considered – dates of birth and IP addresses.
The various articles of the GDPR place great demands on organizations to install robust data protection principles, processes, procedures, tools and technologies – and also to be able to demonstrate the actions that they have taken.
Article 25 of the GDPR states that organizations must deliver robust data protection both by design (that is, appropriate technical and organizational measures must be deliberately taken), and by default (that is, the onus must not be on individuals to opt in to having their data protected).
Universal Console is able to both secure access to systems that control or store personal data, and leave a comprehensive audit trail, so that security can be clearly demonstrated. It acts as a single access gateway to all servers and network devices, eliminating two of the most common security risks today: privileged user access and lack of unified audit controls.
Universal Console eliminates shared user credentials and passwords, controlling access to systems on a per-user basis, without modifying the target system. Administrators gain tight control over who has access to which information, and can alter these permissions at the touch of a button. Recording and playback features enable them to review user sessions and the actions they performed; it is also quick and easy to suspend or revoke access automatically when employees or contractors perform prohibited actions, or when they leave the company. It has never been easier to have a comprehensive overview of who has access to what data.
Article 32 of the GDPR demands that organizations ‘ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services’. By securing access to data throughout your organization using Universal Console, you can both help to maintain data confidentiality and ensure clear records of access to that data. These records are then available for any future GDPR audits.
Article 32 also requires that organizations are able to ‘restore the availability and access to personal data in a timely manner in the event of a physical or technical incident’. Restorepoint helps ensure that the processing systems and services underpinning the handling of personal data are highly available and resilient by centralizing the backup of network configurations from over 100 network, security and storage vendors. With its simple one-click recovery process, Restorepoint can greatly speed up the restoration of services following an outage caused by hardware failure or by unauthorized or incorrect configuration changes. Unlike scripting solutions that require time and expertise to set up, Restorepoint can be deployed and be protecting the network within minutes, helping organizations achieve GDPR compliance.
Article 32 of the GDPR demands that organizations instigate a ‘process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing’. Here, once again, Restorepoint helps fulfil the GDPR’s criteria and requirements. It not only ensures that recovery from outages is as quick and straightforward as possible, but it also delivers comprehensive auditing of system configurations for compliance purposes.
Restorepoint's compliance engine provides continual visibility of compliance status by automatically detecting changes in configuration, tracking against configuration policies and baselines, without intrusive network scans.
Policies are easily created and applied to multiple network devices, with compliance analysis performed automatically each time a network device is backed up. Alerts can be forwarded to SIEM products (syslog), monitoring platforms (SNMP), sent via email, or retrieved via the API, for simple and effective GDPR compliance monitoring.