It is widely known that data breaches overall are on the rise and organisations continue to invest in new technologies to better safeguard their enterprises. However, if you dig a little deeper into the real stories you will find that it is more than just data breaches costing organisations – it is also a lack of compliance.
For companies that have their data compromised, the situation is now even more worrying. The European Commission has outlined the General Data Protection Regulation (GDPR), which, once in effect, will come down extremely hard on companies that fail to protect confidential data. For companies, the revised GDPR could mean hefty fines of up to 4% of global turnover or €20m (£15.8m). So as cyber security attacks rise, so does the number of regulations attempting to enforce better policies to protect personally identifiable information (PII). As a result, organisations are spending more and more money and internal effort to stay compliant around data privacy. Below are three steps to better drive data access compliance through automation and self-service.
Step 1: Define the Good vs. the Bad
The first step is to identify the good and the bad as it relates to authorised application usage in your environment. To understand where your risk lies, you must first survey your endpoints and identify where unauthorised software products, unauthorised executables and unmanaged patches exist.
The best way to do this is by leveraging a desktop analysis tool (such as RES) to track usage across physical and virtual environments and identify the most used applications, the least used applications, unauthorised applications and even unauthorised executables. This gives you visibility into employee behaviour, so you can understand what your workforce is using on their endpoints.
Once you know what they are using, decide what is approved for use and start creating your whitelist to enforce policies around what your employees can and can’t download. The key to an effective whitelist is ensuring that it is context-aware, easily scalable and updatable, and quick to deploy. You can learn more about RES’ application whitelisting capabilities here.
Step 2: Automate the Delivery and Return of Access
The second step is to automate the policy and processes for how access is granted or revoked based on the employee’s context and identity. From a compliance standpoint, this ensures that you have a baseline for auditing why employees are given access and a standardised process for removing access when employees change their role or leave the organisation.
Policies don’t need to be based only on user behaviour; they can also follow other organisational rules. For example, anyone can ask for access to Microsoft Visio but after 30 days it is automatically returned unless otherwise specified. Automated access management helps reduce costs by:
- Streamlining IT operations
- Expediting internal and external audits
- Preventing data breaches and fines
Step 3: Promote Self Service and Workflow
Step three, promoting self-service, might be the most important. And I don’t mean a static web portal page that takes in requests. I mean a dynamic solution that, based on employee requests, will either fulfil the request or seek proper approval for it based on defined workflows.
Why is this the most important step? Self-service is the best way to handle exceptions to employee needs without the employee violating policy. Most employees are not trying to be non-compliant. They are non-compliant because they have no other way of getting access to the applications and services they need to be productive. So, enable your employees to request access or, for example, upload an executable that has been blocked because it is not on the whitelist, and have it automatically go through a set of workflows to gain approval.
Don’t wait – now is the time to act!
Implementing these three basic steps will get you well on your way to better compliance and security while reducing overall IT costs. It is vital that organisations take measures today to address external and internal threats, as well as protect themselves from the actions of careless employees. Many factors such as cloud, social media and mobility have introduced new and increased vulnerabilities into the digital workspace environment. Hackers can and will continue to exploit these vulnerabilities in increasingly new and creative ways.
Just remember that a comprehensive security and compliance strategy doesn’t have to come at the cost of employee productivity or experience. Utilising a people-centric approach to securing workspaces will protect against internal and external threats and give back more control to IT.