Security & IT Infrastructure Compliance

An Easier Way to Maintain Compliance

Play by the rules, don’t pay because of the rules

Compliance requirements come from many sources: regulatory agencies, corporate standards, and vendor agreements, to name a few. Wrangling the bookkeeping, tracking, auditing, and reporting is daunting enough, but assuring that the data sources you are working from are accurate can seem impossible.

If you are going to be held accountable for your organization’s compliance, you need to hold the organization accountable for accurate data, something you can get from a single source of truth.

 

IT Compliance Solutions

How Nlyte Makes it Easier to Stay Compliant

Data Location
The critical data’s geographic location, the devices (servers/storage/network) it resides on, and where it has been replicated to.

Security Tool Identification
Which security tools, if any, are deployed on identified devices and enabled to protect the critical data.

Data Breach Notifications 
Indicates which data subjects’ data ran on which assets, and identifies secondary infrastructure locations for the safe handling of data transported across borders.

Discover
Identify what personal data you have and where it resides.

Manage
Govern how personal data is used and accessed.

Protect
Establish security controls to prevent, detect, and respond to vulnerabilities and data breaches.

Report
Act on data requests, report data breaches, and keep required documentation.

Avoiding Some of the Compliance Misconceptions

Regulatory compliance is all about the “data”
A common misconception is that GDPR, HIPAA, SOX, PCI, etc. focus only on a small data set. All of these regulations stipulate that managing data held in trust requires accountability for the entire chain of custody, including the infrastructure it resides in. Nlyte improves compliance by providing the ability to track where the data resides within the physical infrastructure, whether it is encrypted and by what method, the means by which the data is transported, and who has interacted with the data.

I’m too small to have a software audit
Some of the landmark cases that hit the news in the last few years may lead smaller or less visible organizations into thinking they are too obscure to be the target of an audit from the BSA (Business Software Alliance). However, the BSA is supported by Microsoft, Adobe, Oracle, and many others who are looking for all the revenue possible, and recent audits by the BSA have shifted to smaller organizations.

Asset Management is 80% process and 20% technology. Nlyte provides the technology piece to provide you with full visibility into what you have installed across the board and who has access rights.

ISO Standards

Once considered simply the ISO standard for auditing software (SAM), the ISO 19770 family of standards has received attention from the major accounting firms as well as NIST. They recognize that identifying, tracking, and reporting the history and status of the hardware and software infrastructure is imperative to a reliable compliance practice and audit program. Nlyte delivers comprehensive details on hundreds of attributes that enable a compliance team to discover and understand any and all technology assets, providing location, status, accessibility, and vulnerabilities.

Compliance Pays for Itself

Nlyte provides tools that continuously monitor the network for assets being added and removed. A single source of truth is established with current data and then shared with CMDB, ITSM, and Finance systems. This eliminates the hunt-and-seek audit process and provides accurate reporting with a simple keystroke.

While many believe compliance is a necessary evil, there is a new respect for the benefit of a strong compliance program. There are the obvious responses:

  • Avoid penalties
  • Increased licensing fees
  • Legal fees
  • Public shame

While those are good and tangible ROI drivers, it turns out keeping accurate track of what you have and what you are using has some real day-to-day cost benefits.

  • It is not uncommon for organizations to over-provision hardware and software by 20% or more. Accurate tracking of deployment and usage can eliminate all of the support and maintenance costs associated with that idle equipment.
  • Groups within an organization have to purchase hardware and software when there is idle equipment in storage or in another group’s asset pool. Identifying and reallocating it eliminates waste and frees up budget for other critical expenditures.
  • Executing a physical audit takes 50 or more hours, according to a recent survey from the Serpio group. This does not include the ongoing mini-audits and inventory exercises IT and asset management teams engage in on a daily basis.

Key Features

Data Protection Impact Management
Right to Erase
Audit and Compliance Reporting
Data Breach and Notification to Authorities
  • Assigned DP Officer’s validation of a workflow’s compliance impacting assets hosting customer data
  • Capturing asset name, application name, and if the system is running or hosting customer data
  • Reporting on the count of all workflows that have a GDPR activity, and status
  • Flag and track the lifecycle of all assets that were used for the storage or processing of customer data
  • Track who has handled or had physical access to assets running customer data
  • Track complete lifecycle record of customer data’s physical location from point of existence through destruction/decommissioning
  • Automates compulsory data protection audits
  • Validates assets and applications are aligned correctly within the compute infrastructure
  • Identifies any asset or application change in or out of authorized compliant workflows and data transfers
  • Executive Summary reports the number of tracked assets by location and by status (active, decommissioned)
  • Operation drill-down lists assets by location, rack, name, IP address, date last audited, mapped business applications, and whether security software is installed and enabled