As industry business models change, compliance challenges are being compounded by an evolving threat landscape and by increased scrutiny from federal agencies looking to protect critical data.
An increasingly complex network environment and the sophisticated attacks against it demand better security and privacy controls. Key data access trends for 2016, according to SSH Communications Security, include:
Privileged access management (PAM) and third party access are unavoidable
Outsourcing tech support to offsite workers with remote access to production environments and highly sensitive information is increasingly popular. As regulators demand more effective access controls and accountability for monitoring privileged access actions, PAM will be a compliance headache in 2016.
The federal government is actively enforcing HIPAA/HITECH in 2016. Auditors will be zeroing in on the areas where healthcare providers, health plans, and clearinghouses have failed audits most often in the past, and will be levying massive fines for noncompliance. As a result, HIPAA/HITECH will be a heavy compliance burden in 2016.
Financial Industry and SOX-404
Relentless ongoing audits and internal controls assessments continue to impact financial organizations, with privileged access controls expected to cause the most audit infractions. Expect mandates calling for all publically traded companies to have an internal audit function in place, and for the scope of internal controls audits to expand exponentially.
NISTIR 7966 security of interactive and automated access management using SSH
In 2016, U.S. federal government agencies will be required to abide by this guide to manage Secure Shell for access control; as a result, the private sector needs to be prepared for regulatory and standards bodies to follow suit.
“As cybercriminals attack on all fronts, federal auditors are cracking down to help keep customer data safe and reduce the number of breaches. Our predictions show that compliance trends in 2016 will require access control and encryption to become key elements of every organization’s security strategy. Well-defined and integrated security controls will help expedite breach investigations and ensure compliance with reporting requirements well into 2016 and beyond,” said Fouad Khalil, director of compliance, SSH Communications Security.