Constant Vigilance: Automating GDPR Compliance

The COVID-19 pandemic has created the most distributed workforce in history, and with it comes new concerns about data privacy and control. Consider the dilemma of notifying employees that a team member has contracted the coronavirus; or imagine how healthcare organisations, in a rush to contain the virus, must sprint to share data in real time, even without the consent of patients.

What’s more, our remote workforce virtually ensures an increase in the number of unprotected backups, as employees transfer large numbers of files to local machines and put confidential or proprietary data on local devices for attackers to access. Likewise, DevOps teams working remotely and under extreme pressure are more likely to cause accidental data loss. In their haste or under new procedures, they may misconfigure servers or leave them exposed.

For those managing data to meet regulatory requirements, there has never been a more urgent time to add Cloud Security Posture Management (CSPM) tools to your cybersecurity arsenal. CSPM solutions automate the detection of accidental threats from within an organization, such as misconfigurations or open S3 buckets. The Armor Automated Security and Compliance solution is a CSPM option that provides compliance assessments for PCI, HIPAA, GDPR, and cloud-specific best practice frameworks such as NIST CSF. This allows companies to establish baselines for their environment and then measure improvement or drift from that baseline on a continual basis.

Armor Automated Security and Compliance provides visibility into both security and compliance gaps within an environment. Visibility is often viewed as the first step towards having an effective security posture in any environment. CSPM tools are generally well-accepted by developers and DevOps teams as they do not tend to disrupt their deployment processes. CSPMs also allow them to identify pesky configuration issues that have been the cause of so many data breaches. The solution enables developers to move fast and still have some guardrails in place to alert them to natural human errors and mistakes.

In April, the European Data Protection Board (EDPB) announced that data protection rules (such as GDPR) would not slow the work of anyone fighting the pandemic. Some fines, like those for British Airways and Marriott, have been deferred until later in the year. However, the EDPB did note that even in these exceptional times data controllers and processors must ensure the protection of personal information. While the EDPB did say that organisations would not be penalized for delays in notifications or consumer requests for one month (three months in complex cases), the board made an important distinction, stating that an organisation is responsible for communication. In the end, their direction was clear: even under chaotic circumstances, consumer privacy laws apply.

In times of chaos, it may be easier to focus on the things that are most critical to business continuity: keeping employees safe, serving customers under difficult circumstances, maintaining revenue wherever it can be found. But we must also remember to keep constant vigilance over the other assets that are critical to our business.

Find out more about how Armor Automated Security and Compliance provides industry-leading cloud security posture management (CSPM) capabilities to continuously discover, assess, and report on security and compliance controls in place across your public cloud environments.

Cloud-Native Security Analytics: AASC’s cloud security and compliance service makes security analytics simpler. Machine learning correlates disparate data sets across all your cloud environments to deliver real-time risk status for every API-connected resource, while threat intelligence feeds enable SecOps teams to prioritize the most critical vulnerabilities and keep pace with DevOps teams.

Comprehensive Cloud Data Research: The cloud-focused division of the Palo Alto Networks Unit 42 threat research team gathers, researches, and analyzes data from AASC to uncover the latest cyberthreats in the cloud. Understand common risks and trends in the cloud, and feel confident you’re paying attention to the right issues in your AWS®, Azure®, and Google Cloud environments.

Unified Visibility of Risks Across Environments: AASC reduces incident response times to a matter of seconds by showing you exactly which resource is vulnerable and how to remediate it. Go back in time to identify how the vulnerability was initially exposed, and whether any potentially compromising activities have already occurred, such as calls from suspicious IPs. AASC reads resource configuration, user activity, network traffic, and more to provide context-based recommendations.

Continuous Compliance, One-Click Reports: It can be challenging to maintain multi-cloud compliance as requirements increase and expand in scope across CIS, NIST, PCI, FedRAMP, GDPR, ISO, SOC 2, and more. AASC continuously monitors all cloud resources for potential compliance violations and provides customizable one-click compliance reports. Click-through controls resolve issues quickly in the face of ever-changing configurations and development requirements.
