IT Compliance Made Easy
As IT companies go global, the list of federal and industry compliance regulations grows ever longer – HIPAA, FISMA, PCI-DSS, Sarbanes-Oxley, and EU Data Protection Directive/Safe Harbor Privacy are just a few. As if IT departments didn’t have enough to deal with, compliance becomes even more complicated when you add in the increasingly common practice of employees bringing their own devices (BYOD) to work. In fact, employees are the weakest link in any compliance and security paradigm.
Despite the challenges of juggling so many moving pieces, recent security breaches at Home Depot and Target highlight that the stakes for ignoring compliance are higher than just penalties and fines. You also risk losing your customers’ trust. Here are our top 3 tips for shoring up employee access and improving compliance to protect your reputation.
1. Lock up sensitive data
Every day, devices used by employees are compromised. Whether that compromise comes from an email virus or happens because a BYOD device is lost or stolen, the quickest way to lose sensitive data is to let employees store unencrypted data anywhere. To handle this gaping security hole, set up IT controls that prevent employees from storing any sensitive data offline – unless it’s in the form of an encrypted file system that is separate from the operating system file.
2. Track, monitor, and store all data access events
Complete visibility into data access is a crucial aspect of compliance. You should always be tracking who is accessing data, what they access, when, and how – and from which device. As an additional layer of protection, track and log data access events granularly, outputting them into a tool such as Splunk or a SIEM (security information and event management) system.
3. Streamline data accessibility
No matter how well you’ve set up IT rules and guidelines, in the end compliance hinges on how well your employees follow them. If you’re not providing employees with the tools they need to do their jobs – or if your IT is simply too slow – it’s likely that shadow IT will become a problem. And the more shadow IT your employees use, the less visibility you’ll have when it comes to tracking data access.
VDI 2.0: Compliance Made Easy
The two biggest challenges to compliance are: 1) keeping data out of the hands of unauthorized users, and 2) tracking how employees access data. When you’ve accomplished these two tasks, you’ve gone a long way towards ensuring that in the event of a compliance audit, your company will pass with flying colors. And, you’ll also ensure that not only is your sensitive data protected, but so is your customers’.
The great thing about second-generation VDI is that sensitive data is centralized in a secure data center. There, IT can better control and track all aspects of employee data access. VDI 2.0 can also easily scale, integrating with any tool at the click of a button. As a result, employees don’t need to resort to shadow IT. And your IT department can roll out any granular data tracking tool it needs, such as Splunk or a SIEM.