Untitled Document

Compliance

What is it?

IT compliance usually involves internal compliance following stated policies and guidelines, and external compliance where the regulations concerning operations are provided by industry bodies or the government.

Why you need it

Compliance requirements impose strict restrictions on the way that systems operate and the way users use and exchange data. Data theft and data leaks can be catastrophic for any business, particularly where public or other confidential data is concerned. The more compliance measures in place the better equipped an organisation is from avoiding or recovering from an incident.

How it works

The most difficult challenge with compliance is identifying the areas that need to be included in policies. Depending on the industry there may be a large number of regulatory controls that need to be complied with.

As an example, certain information must be kept for a period of years after creation and if this includes email then implementing an email archiving system means that emails are handled and accessed in a different way to normal. This necessitates user education, strict checks, controls and additional systems.

Archiving of both email and data is the biggest consideration when planning compliance policies and systems. High profile lawsuits and internal investigations will almost certainly call for evidence from servers and being able to provide this information quickly is essential for the reputation of a business.

In order to be effective, compliance planning and implementation needs to be reviewed on a regular basis to ensure methods are current and will be valid in years to come. Successful compliance is easy to achieve with a combination of automated systems, analysis, and monitoring.

Many regulatory compliance requirements such as PCI DSS, SOX, HIPAA require implementation of audit and security controls to protect data, presenting a complex challenge to IT challenge and prove costly to the organisation.

Imperva provides audits and protection of database assets with the ability to audit access to sensitive data, alert or block database attacks and unauthorised activity in real time, detect and patch vulnerabilities and accelerate incident response and forensic investigations.

Imperva SecureSphere Web Application firewall fully addresses regulatory compliance requirements like PCI DSS requirement 6.6 by automatically learning web application structure and user behaviour, threat updates, traffic originating and patching with clear reporting and alerts.