Qualys now offers customers purpose-built content, workflows and reporting in its cloud platform to provide them with continuous IT asset visibility, data collection and risk evaluation for compliance with the EU General Data Protection Regulation (GDPR). It also helps customers with ongoing protection of personal data across global IT environments and third parties.
Qualys will demonstrate these capabilities for enabling GDPR compliance during the Infosecurity Europe conference at stand E20.
GDPR requires organizations globally to properly track and protect their EU customers’ personal data or face penalties and fines on multiple fronts. By tracking and classifying the IT assets which contain that data, and by adopting overall data governance and security programs, organizations can address GDPR requirements to identify, classify, and limit access to protected personal data. Qualys combines several cost-effective security and compliance solutions in one cloud-based platform, giving customers single-pane visibility of their risk both internally and across third-party data processors, and thus helping them maintain continuous visibility of their GDPR compliance state.
“The data processing landscape has seen huge changes since 1995, and the new General Data Protection Regulation (GDPR) is an opportunity for all organizations to harmonize their data protection,” said Jamal Dahmane, chief information security officer, Group Essilor. “Besides the implementation of the processes and the organization required to continuously support GDPR compliance, it is necessary to have tools that help us gain the best visibility and react at the right time.”
“In this era of global and digital business, every organization needs to consider how to protect their data and that of their customers,” said Philippe Courtot, chairman and CEO, Qualys, Inc. “It is vital that organizations with EU or any customer data understand how to get visibility and secure their IT assets, data and supply chain. This is what the Qualys Cloud Platform allows customers to do with a high degree of accuracy and scale, at a much lower cost than enterprise software point solutions.”
Qualys GDPR compliance solution
The Qualys Cloud Platform incorporates more than 10 applications, which allow customers to efficiently comply with key GDPR elements by giving them global and continuous visibility and the tools to secure data and processes across their IT assets and third parties:
Asset visibility – The highest-risk assets are those that go undetected, and gaining complete visibility across IT environments is critical to GDPR planning and compliance, especially among the many moving parts involved in collecting and processing personal information, which must be identified and tracked. AssetView stores and indexes both IT and security data, including installed software types, allowing customers to search, track, and tag critical assets holding personal data whether on-premise, mobile, or in the cloud. This helps security teams understand the size and scale of the plan needed to tackle GDPR compliance.
Data visibility – Protecting personal information is what GDPR is all about. Once an organization has full visibility into their IT assets, they can use this information to create data maps, and better understand which technical controls may be required to secure sensitive data. Policy Compliance (PC) can be used to validate and track access to the files and databases on these systems, and eliminate security configuration exposures, reducing the risk of unauthorized access.
Supplier visibility – GDPR requires organizations to ensure security of personal data stored with third-party suppliers – public clouds, SaaS platforms, partners and vendors – as both parties are jointly liable for any breach. Qualys Security Assessment Questionnaire (SAQ) enables customers to scale and accelerate third-party security audits to verify those parties are compliant with GDPR. A GDPR-specific SAQ questionnaire template automates the distribution, management and collection of these survey responses.
Process review – GDPR compliance requires organizational awareness, implementation and review of process controls, policies and procedures for infosec and data classification, and significant data gathering and risk assessment. SAQ automates the entire process of data collection across an organization’s affected teams. An SAQ out-of-the-box questionnaire template for assessing GDPR readiness helps customers understand the location, user access and security controls for any personal data in their network.
GDPR-mandated security program support – GDPR also requires appropriate technical and organizational measures to protect personal data from unauthorized access, misuse, damage and loss. Qualys Vulnerability Management (VM) and PC give customers continuous visibility to enforce proper security controls with out-of-the-box mandate-based reporting for GDPR requirements. SAQ can also help assess organizational measures to enforce policies.