General Data Protection Regulation (GDPR)
The GDPR comes into effect in 2018. It will change the way your business can collect, use and transfer personal data. Not only will you need to know where data is stored, you may also need to change the way it is collected. Subject access requests will also have even shorter timescales as fines for noncompliance hit new levels.
This webpage outlines the discovery, reporting and elimination of data associated with this risk.
As an SME, we tend to choose and use products which will give value to our customers and will not require days to set up, specialist or professional services, or extra infrastructure to run.
Using the Risk assessment tool, we are able to detect vulnerabilities on one or thousands of devices, no matter where they are physically located in the world, within seconds. No hardware or complex software is required. Vulnerabilities exist where you least expect them. With Risk Intelligence, you can see every operating system and application threat putting your business at risk on servers, laptops and, if required, mobile devices.
The Product and Background
This is a secure, encrypted, cloud-based system which my own company (CTCS) uses for several financial and medical organisations that we support.
This product is unique in that it will not only locate sensitive data across networks and workstations but will also assign a value to your data vulnerability, helping you to build a strong business case for data protection and triage the most important problems to tackle.
Sensitive data left exposed on systems poses a great risk to your customers and will also incur financial penalties. Companies often amass large amounts of sensitive personally identifiable information (PII), including National Insurance Numbers, driver’s license numbers, credit card information, and more, in dispersed persistent storage. This product roots out sensitive data and potential vulnerabilities no matter where they are stored, providing actionable insights for sensitive data protection so you can mitigate the risk.
Running this on both STV-File and SRV-File would generate the data required as a starting point and allow you to see the extent of the problem.
The product allows us to move, delete or copy the data found to any other location, or you can use it as a reporting tool only.
How does it work
An agent is placed onto the server or any other device for scanning. This runs outside normal hours and so will not interfere with the day-to-day running of the system. In fact, you already have the agent; it will just need to be activated and turned on for this particular function.
This usually takes about 30 minutes to set up and can be accomplished with no downtime in working hours as it is non-invasive.
Scan and Encrypt
PCI DSS required scans: Perform PCI DSS internal vulnerability and Primary Account Number (PAN) scans using a simple, host-level authentication pattern.
Multiple supported device types: Scan for payment information across servers, workstations, and mobile devices.
Encryption for data-in-transit and data-at-rest: Encrypt transferred data via IPsec or SSL VPN tunnels, and secure data-at-rest without the need for a full public key infrastructure deployment.
Scan Across File Types and Technologies
Extensive file types: Scan text, MS Office, and compressed files as well as databases, email and email archives, and much more.
Cross-platform compatibility: Search across Windows, Mac OS X, Android, and iOS.
Multiple technologies supported: Covers Exchange, SharePoint, databases, email, email archives, cloud storage technologies, and much more.
Credit card data: Find the most common types of 16- and 13-digit credit card numbers across your systems, know which devices pose the greatest risk, and get a total, organization-wide GBP amount for a breach.
Data breach risk baseline: Pinpoint all sensitive data—including both personally identifiable information and your own custom defined file types—to get a financial risk number across your organization.
Vulnerability trend report: View changes in the total number of vulnerabilities over time so you can demonstrate improvements and recognize any potential risk increases.
Data breach risk trend report: View the change in your potential liability over time to demonstrate clear, financial improvement in your clients’ risk posture.
Per-device breakdowns: Drill down to the device level for most reports.
Exporting: Download reports in PDF, CSV, or Excel formats.
(all names obfuscated)
Sample Data Breach Risk Scan
Broken Down Summary shows
The Common Vulnerability Scoring System (CVSS) provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. Its quantitative model ensures repeatable accurate measurement while enabling users to see the underlying vulnerability characteristics that were used to generate the scores. Thus, CVSS is well suited as a standard measurement system for industries, organizations, and governments that need accurate and consistent vulnerability impact scores.
Unprotected Data Sources
All files are then identified with their exact locations so that they can be managed.
Pricing for Data Discovery and Reporting:
The data discovery will run out of hours 24/7, and we have quoted based on a single device so that you can gain an understanding of our charging methodology. The costings are detailed below:
Pricing for Data cleansing
This service will securely:
- Move and/or
- Copy and/or
the files which have been found. Full reporting is also offered.
Licensing is not required for this solution as it will be included in the costs outlined. This also includes upgrades to the software used for the provisioning of this solution.