
GDPR

Ensure Continuous Security for GDPR

 

Compliance with the General Data Protection Regulation (GDPR) will become a requirement on May 25, 2018, for any company handling personal information belonging to EU citizens, irrespective of the company's physical location. Yes, organizations in North America will be affected. Organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 million (whichever is greater). Is your organization ready for the toughest regulation ever imposed?

Deadline Quickly Approaching

For most organizations, GDPR will add a new level of complexity, and anything they can put in place to automate their compliance will be of benefit. GDPR influences how data and cybersecurity are handled both within and outside of the EU, on-premises and in the cloud. According to a study by Veritas, only 7% of organizations feel they are ready for GDPR; the vast majority are concerned about losing market share, diminishing brand perception or going out of business as a result of their current state of GDPR readiness. A single breach is all it takes to invoke GDPR fines of 4% of an organization’s annual revenues.


Getting Ready for GDPR

Getting ready for GDPR is about protecting individuals’ personal data from breach or loss. From an infrastructure security perspective, this translates into the following broad requirements:

  • Auditing Personal Data Processing Systems: Ensuring that all user and admin activities in personal data processing systems are traceable at all times
  • Monitoring Personal Data Processing Systems: Ensuring they are safe from software vulnerabilities
  • Personal Data Access Controls: Ensuring that access to systems storing or processing personal data is restricted to only the users or programs that need it
  • Personal Data Security Controls: Monitoring configuration settings for systems storing or processing personal data to prevent breaches and disclosure
  • Personal Data Transfer Security: Monitoring usage of encryption and network configuration to detect and/or prevent unauthorized transfers of personal data

These requirements apply to all systems that store or process personal data, regardless of whether they are on-premises or in public clouds. The same requirements apply to any organization handling EU resident/citizen data, including cloud service providers.

The Solution

Cavirin, leveraging deep expertise in industry best security practices and regulatory controls, has developed a GDPR Policy Pack consisting of nearly 4,400 infrastructure security controls tailored to the requirements for protecting and monitoring access to personal data, spanning various operating systems and their networking configurations. As an example, 400 policies pertain to protecting and monitoring Windows 10 machines. Organizations can assess their on-premises and public cloud infrastructure against this Policy Pack and gauge their GDPR readiness at a glance. More importantly, Cavirin helps organizations reach a “golden posture” with respect to GDPR compliance through targeted security remediation plans. Besides GDPR, organizations can also leverage 20 other policy packs spanning 80,000+ policies to protect and continuously monitor their infrastructure.

 


Get Your GDPR Security Risk Score

To get an understanding of your security posture, we’ll conduct a live GDPR assessment of your on-premises or cloud-based workloads, including Docker. You’ll see an overall score across all frameworks tested, and can even drill down by OS, individual policy packs (other than GDPR if desired), and even specific control families. The score offers you a common view across multiple OSs with no conflicting guidance, and can even span on-premises and multiple cloud service providers.

 


© 2018 Cavirin Systems, Inc. All rights reserved.