RSA Extends Business-Driven Security™
Portfolio to Help Address GDPR, Risk and Compliance Challenges
SINGAPORE — October
19, 2017 — RSA,
a global cybersecurity leader delivering Business-Driven Security™ solutions,
unveiled new products to help address many of the challenges related to
compliance with data protection regulations like the European Union’s General
Data Protection Regulation (GDPR).
New RSA Archer
offerings around Data Governance and Privacy Program Management can be paired
with RSA NetWitness® to help speed breach response, and RSA SecurID® to deliver
identity and data access assurance to further continuous compliance capabilities.
GDPR is forcing
companies around the world to revisit and revise how they manage and protect
data in today’s interconnected cyber landscape. A recent PwC survey found
over half of U.S. multinationals say GDPR is their top data-protection
priority.
DATA PRIVACY IS A
BUSINESS RISK
“We used to live in a
world where executives ran the business, IT ran the infrastructure, security set
the perimeter, and compliance made the rules, but regulations like GDPR are
breaking down those old walls,” said Rohit Ghai, President, RSA. “GDPR
translates cyber risk to a bottom-line business issue, which completely changes
how businesses view their customers’ data.”
RSA offers a
combination of products and services across these domains, including two new
use cases in the market-leading RSA® Archer® Suite:
· The RSA Archer Data Governance use
case is designed to assist organizations in better documenting data governance
requirements to improve support for data-centric regulations, such as HIPAA,
GLBA and GDPR.
· The RSA Archer Privacy Program
Management use case is designed to enable
organizations to holistically manage privacy programs and align processes with
regulations, including privacy assessments and regulatory case tracking.
Ultimately, GDPR is
not just a Governance, Risk and Compliance (GRC) issue. GDPR spans the full
enterprise and forces companies to adopt a healthier privacy and security risk
posture in four critical areas: Risk Assessment, Breach Readiness, Data
Governance, and Compliance Management.
RISK ASSESSMENT:
UNDERSTANDING YOUR CYBER AND BUSINESS RISK
GDPR Article 32
outlines elements of a security risk assessment process to ensure the
appropriate design and implementation of controls. An effective risk assessment
process helps accelerate the identification of the linkage between risks and
internal controls, potentially reduce the GDPR compliance gaps and improve risk
mitigation strategies, while also giving companies a game plan for improving
their cyber posture.
The RSA Archer Suite is
designed to empower organizations to manage multiple dimensions of risk with
solutions built on industry standards and best practices on one configurable,
integrated software platform. Other use cases that can help support critical
GDPR-related processes include:
· RSA Archer Security Incident Management helps enable processes to address the
flood of security alerts and implement a managed process to escalate,
investigate and resolve security incidents.
· RSA Archer Security Operations and Breach
Management helps extend the
security incident process by adding workflow for data breaches and management
of the overall security operations team.
· RSA Archer Issues Management helps organizations manage issues
generated from risk and control assessments and audits.
· RSA Archer IT Risk Management helps accelerate the identification of
IT risks related to GDPR compliance and improves an organization’s risk
mitigation strategies.
· RSA Archer IT & Security Policy Program
Management provides the
framework to help organizations establish a scalable and flexible environment
to document and manage an organization’s policies and procedures to help comply
with the GDPR.
· RSA Archer IT Controls Assurance provides a framework and taxonomy to
assist organizations by systematically documenting the GDPR control universe,
enabling organizations to assess and report on the performance of controls at
business hierarchy and business process levels.
· RSA Archer Third Party Catalog assists in documenting third party
relationships, engagements and associated contracts to help identify and track
external parties related to GDPR.
BREACH RESPONSE:
RESPONDING REQUIRES VISIBILITY
Article 33 of the GDPR
regulation outlines specific requirements for notification of a personal data
breach to the supervisory authority, which makes having a full understanding of
the details of a data breach paramount. The goal of any security team is to
prevent these kinds of breaches, but breaches can still occur. As a result,
many data protection requirements focus on breach response and reporting.
Additionally, GDPR
requires notification to regulators, generally within 72 hours of
becoming aware of an actual breach. Released earlier this summer,
the newest edition of RSA NetWitness® Suite is
designed to scan your entire infrastructure for indications of an attack, and
uses behavioral analysis and machine learning to help better understand the
scope and nature of a breach with improved visibility into the attack sequence,
enabling faster notification.
DATA GOVERNANCE MEANS
IDENTITY MANAGEMENT
Another critical
element of GDPR compliance is controlling who has access to personal data.
Organizations must protect personal data in a number of different ways, and
must be able to demonstrate accountability in keeping accurate records of
processing activities, including the categories of personal data processed, the
purposes of processing, transfers to third countries outside of the European
Economic Area, and the relevant technical and organizational security
measures.
The RSA SecurID® Suite, including RSA SecurID® Access and RSA® Identity Governance and
Lifecycle, is designed to enable organizations of all sizes and maturity levels
to minimize identity risk and deliver convenient and secure access to their
modern workforce. By leveraging risk analytics and context-based awareness, RSA
SecurID Suite helps ensure the right individuals have the right access, from
anywhere and any device. These products can play a critical role in addressing
the fundamental need for identity and access assurance.
PROGRAM MANAGEMENT:
COMPLIANCE IS NOT A DESTINATION
Compliance program
management establishes a scalable and flexible environment to document and
manage an organization’s relevant privacy policy and/or GDPR-related
procedures, standards and controls. However, being GDPR compliant, just like
having a “secure” enterprise, can change from moment to moment and is a moving
target for businesses.
The RSA Risk and Cyber Security
Practice offers a range of strategic services
designed to help customers develop a business-driven security posture, build an
advanced security operations center and revitalize their GRC program. To
complement a robust product offering, RSA also provides implementation and
post-implementation support so customers can maximize their existing investment
in RSA products.
· The RSA Risk Management Practice delivers strategic consulting services
to help optimize an organization’s GRC program. It also offers staff
augmentation and support services to help plan, implement, deploy and upgrade
RSA products and services, including the RSA Archer Suite.
· The RSA Advanced Cyber Defense Practice helps security organizations develop the
processes, procedures, workflows and automation that enable prompt, decisive
response to data breaches and other cyber incidents.
· The RSA Incident Response Practice helps organizations respond to security
breaches as they prepare to meet new 72-hour notification requirements of GDPR.
· The RSA Identity Assurance Practice helps organizations plan and implement
comprehensive programs for managing access to GDPR-relevant data. With
knowledge of who has access to what, organizations can make more informed
access decisions, better identify risky activity, and meet compliance mandates.
With an organized,
managed process to escalate issues identified during control testing,
organizations get visibility into risks and can address the risks in a timely
manner. Organizations will see quicker reaction to emerging issues, create a
more proactive and resilient environment, and reduce the churn in driving
accountability towards GDPR compliance.
ADDITIONAL RESOURCES:
· Read the blog Privacy Resiliency Flexibility:
Where are they on your radar
· View this webcast to learn about Five Tips to Accelerate Your GDPR
Strategy
· Register for an
October 18 webinar: Managing the Challenges of GDPR:
Osterman Research Survey Results featuring Mike
Osterman Principal, Osterman Research, Inc.
· Register for
an October 26 webinar: Are you ready for GDPR? 4 Key Areas
for GDPR Planning featuring Rashmi
Knowles Field CTO, EMEA, RSA
ABOUT RSA
RSA, a Dell Technologies business,
offers business-driven security solutions that uniquely link business context
with security incidents to help organizations manage risk and protect what
matters most. RSA solutions are designed to effectively detect and respond to
advanced attacks; manage user identities and access; and, reduce business risk,
fraud, and cybercrime. RSA protects millions of users around the world and
helps more than 90% of the Fortune 500 companies thrive in an uncertain,
high-risk world. For more information, go to rsa.com.
Dell, EMC, RSA, Business-Driven
Security, Archer, NetWitness, SecurID and other trademarks are trademarks of
Dell Inc. or its subsidiaries. Other trademarks may be the property of their
respective owners.