SailPoint, the leader in identity management, surveyed customers and attendees at this week’s Gartner IAM Summit about their plans for meeting compliance requirements associated with the General Data Protection Regulation (GDPR), which goes into effect in 2018. Of approximately 100 survey respondents, 80 percent see GDPR as a priority even if they don’t have a specific plan in place to comply with the regulation (only 25 percent of respondents have an established plan). Of those who are planning ahead for GDPR, most (75 percent) recognise the important role that identity governance plays in helping them to be GDPR-ready by 2018.
Until recently, enterprises have focused on securing the network perimeter as a means to protect the applications and data that reside within it. However, with a growing number of data breaches occurring due to compromised credentials, malicious insider behavior, and the proliferation of sensitive data being saved in unsanctioned locations, enterprises are realising that the way to mitigate these risks is to implement tight governance of the identities – employees, contractors, partners, etc. – within their organisation and to control the data, applications, and systems users are allowed to access. This governance oversight must now extend both to personal data stored in unstructured systems like file systems, collaboration portals and cloud storage systems and to the management of user access to structured systems that contain personally identifiable information and data.
By monitoring who has access to what, organisations can leverage SailPoint’s identity management platform to quickly identify inappropriate access – including policy violations – and take action, mitigating the malicious data breach behavior that leads to GDPR-related penalties. Ready-to-use data discovery and classification policies allow enterprises to more easily identify files containing PII-, PCI-, and PHI-related information. With SecurityIQ, SailPoint’s data access governance solution, enterprises are equipped to confidently discover and protect the slew of personal and highly sensitive information often stored in hard-to-manage unstructured files. With the added layer of SailPoint’s IdentityIQ (identity governance on-prem) and IdentityNow (identity governance in the cloud), organisations can administer identity and data access governance policies to further strengthen overall GDPR compliance efforts. And, with an extensive library of ready-made reports, enterprises have quick visibility into the activity regarding permissions, policies and data access that is required to demonstrate proof-of-compliance with GDPR.
“With less than a year to go before GDPR takes full effect, now is the time for enterprises to get their identity house in order,” said Kevin Cunningham, SailPoint’s president and co-founder. “By focusing on a few key identity governance priorities: locating sensitive data, understanding who has access to it and maintaining proper access controls on that data, organisations will have the full visibility they need to comply with GDPR. To be able to answer ‘who has access to what’ at any time and across the entire security ecosystem puts enterprises in a position of power – the power to protect sensitive data stored in unstructured systems; the power to confidently comply with global regulations like GDPR; and the ultimate power to reduce risk to the business overall.”