Compliance

Governance, Risk and Compliance remain equally important and challenging to many organisations.

The legislative and regulatory landscape is becoming increasingly complex, particularly in Europe, where localisation is an additional contributor as countries interpret EU legislation differently.

Alongside added complexity, costs continue to rise. According to the British Chamber of Commerce the cumulative cost to UK business of over 75 major regulations introduced since 1998 continues to rise - from £39 billion in 2005, to over £65 billion in 2007, to £88.3 billion in 2010. The Data Protection Act alone has so far cost business more than £7 billion.

Companies that adopt standards to navigate through the legislative and regulatory minefield derive significant benefits - most notably through increases in productivity, efficiency, effectiveness, agility and a reduction in risk.

ISO/IEC 27001/2 is becoming established as the global standard for information security best practice with adoption growing worldwide. Russia and Japan (where BSI have issued over 1,000 certificates) have most recently embraced it.

The Payment Card Industry Data Security Standard, commonly shortened to PCI DSS, is being driven by major credit card brands including Visa, MasterCard and American Express. Merchants of all sizes are now coming under pressure to act to meet detailed requirements relating specifically to cardholder data. The standard is another market driver but is not yet fully adopted and accepted, with insurance requirements unclear and liability concerns outstanding.

VigilancePro® provides a single integrated solution that directly addresses 63 of the 133 controls (47%) within ISO27001. This represents unprecedented coverage in a single product. In addition, 16 of the key requirements of PCI DSS are also addressed.

Compliance is a complex challenge with a beginning but not an end. Once a level of attestation has been reached or compliance achieved, maintaining that position is an ongoing, continuous journey that carries with it the ability to prove due diligence at any point in time.

VigilancePro can assist companies in implementing and enforcing policies and in adapting to new and emerging threats, and to patterns of user activity and behaviour in the future.

Five or six years ago the threat posed by instant messaging and social networking applications was entirely unforeseen. When these applications arrived, existing security solutions did little to address the risk of information dissemination associated with their use. VigilancePro provides a flexible framework that will not only address today’s user interaction with sensitive information but will also manage new risk vectors as they arise.

The VigilancePro technology can underpin compliance programmes not only through policy implementation, enforcement and improvement but also by:

  • Providing a comprehensive visual audit trail demonstrating due diligence and simplifying the external and internal audit processes.
  • Delivering true 360-degree negative assurance that unstructured data is not unmanaged data travelling throughout the ICT estate unchecked.
  • Integrating with user education and awareness initiatives, providing an on-screen ‘learn as you work’ reminder of what is acceptable – and what is not.

The VigilancePro solution – unlike many other security products which protect other infrastructure components or against very specific point threats – was designed to visually identify, monitor, and report on exactly how users process, store and transmit sensitive information. This user centric approach – and the unique visual audit trail provided – delivers more control coverage than any other single solution.

VigilancePro can help organisations move beyond compliance checklists, where the only savings that can be realised are related to reducing costs, particularly audit costs, to a position where compliance can deliver new business value and improved business performance – through securing business processes and information flows against fraud and abuse costs.

For more information on precisely which controls VigilancePro covers, please download our white paper Overtis_White_Paper_Realising_Compliance_V5-0-2.

Solution Highlights:

  • Capture and log all user activity – ‘minding the gap’ in traditional point product security architectures
  • 360 degree negative assurance – prove that sensitive data does not appear where it shouldn’t
  • Server agent provides visual audit trails of all file level actions
  • Coverage for legacy ‘green screen’ applications
  • Implement and enforce intelligent least-restrictive security policies
  • Automate reporting for internal and external auditors
  • Demonstrate attestation throughout the lifecycle
  • Dramatically reduce compliance costs
  • Secure and enable new business processes against fraud and abuse costs – delivering business value