Killing two birds with one stone – POPI compliance and secure remote access during COVID-19
With Fudo PAM, organisations can achieve POPIA compliance while securing remote access during the global COVID-19 crisis.
As the world goes through unprecedented digital transformation, information and customer data have become the most important assets of many companies.
Unsurprisingly, database-targeted cyber attacks have increased rapidly, leading to massive financial losses that have hit companies particularly hard during global challenges like COVID-19.
As a result, privacy has become the main focus of regulatory agencies.
From 1 July 2020, South African companies had less than one year to comply with the new POPI Act (Protection of Personal Information Act).
It aims to curb the negligent use or misuse of personal data and to protect personal rights.
POPIA requires all companies to take appropriate measures to prevent security incidents that include the loss of personal data and, where such incidents do occur, to report and publish each individual security incident:
“Where there are reasonable grounds to believe that the personal information of a data subject has been accessed or acquired by any unauthorised person, the responsible party must notify the Regulator; and subject to subsection, the data subject …”
Failing to comply with POPIA may lead to high penalties of up to R10 million or long prison terms of up to 10 years, depending on the seriousness of the breach.
Unfortunately, most IT-related business units already had difficulty maintaining an appropriate security level during “normal times” and struggled to justify internally why they need money for non-operational topics.
With COVID-19, a global recession, trade slumps and major uncertainties, the situation has gotten much worse.
Senior management tends to underinvest in IT security-related areas even though security breaches can lead to much worse situations than a POPIA violation.
Unsurprisingly, many CIOs’ heads are spinning as they try to argue why they need money for IT security while the company’s future is so uncertain.
Fudo Privileged Access Management
The answer to the herculean task is plain and simple: Fudo PAM - Privileged Access Management.
During these unprecedented times, the urgent need for remote access creates time pressure and leaves no buffer for well-thought-out solutions.
Previous security concepts are often bypassed to enable remote access. With Fudo PAM - which is the ideal PAM product - both goals are achieved at once: meeting POPIA compliance while also securing remote access during the global COVID-19 crisis.
Leading PAM solutions like Fudo PAM aim to protect company data, but only the best of the best are able to create added value which improves the operational business right after deployment.
Here are some examples:
- Recording all traffic in real-time (but reducing the session storage to a minimum).
- Generating complete access control (especially to personal data).
- Distributing only necessary rights to every internal and external company party.
- Preventing unwanted commands, actions and breaches.
- Allowing proactive monitoring and cooperative working by sharing sessions.
- Preventing the abuse of privileged user accounts thanks to artificial intelligence, rule settings and machine learning.
- Analysing the efficiency of external services.
- Serving as an internal training tool.
- Reducing the expenditures for the coordination of workflows to a minimum.
Of course, privileged access management is not the only topic relevant to the regulations of POPIA, but it is intuitive and therefore serves perfectly as leverage for CIOs and CISOs during global challenges like COVID-19, when remote working is booming and security risks are rising.
Article written by Christian Reicher, 21 September 2020, Fudo Security DACH, Hans-Bornkessel-Straße 45, 90763 Fürth.