Today at InfoSecurity Europe 2016, CipherCloud announced the availability of the industry’s first cloud security solution designed to help companies comply with the European General Data Protection Requirement (GDPR). CipherCloud’s award-winning Cloud Access Security Control (CASB) platform now has built-in GDPR-readiness capabilities, including the ability to detect sensitive personal data across multiple cloud applications, proactively remediate problems, encrypt or tokenize sensitive data to prevent unintended leaks, monitor user activity and detect geographic anomalies.
GDPR is a set of regulations put in place by the European Commission designed to strengthen data protection for EU citizens. The legislation was approved last month and companies must comply by May 2018 or face substantial risk and steep fines. Given the complexity of GDPR requirements, this is a very short timeframe for companies to become fully compliant with the new data privacy regulations.
CipherCloud’s CASB platform enables global enterprises to leverage the cloud while avoiding risk and legal entanglements by assuring data privacy, residency, and sovereignty. For organizations that need to comply with GDPR regulations, the platform offers:
- GDPR-specific policies to detect and protect personally-identifiable information including:
- National identity numbers for more than 20 European countries
- Names, addresses, phone numbers, and email addresses
- Banking account and routing information including IBAN, SWIFT and ABA codes
- Private healthcare and insurance information
- Policy controls based on source, location, content, and destination of files and database content in the cloud
- Proactive remediation of policy violations with blocking, quarantining, notification, and end-to-end file encryption
- Activity monitoring and geographic anomaly detection to spot suspicious activity from non-EU locations
- Strong encryption and tokenization with local key management to effectively maintain EU data residency and sovereignty, regardless of cloud provider location
“The cloud is inherently global and does not respect national boundaries,” said Rik Turner, senior analyst, Ovum. “With the GDPR looming, you can’t rely on cloud data provider security assurances, and must take proactive steps to protect private data. The penalties and risk of violations is simply too great to ignore.”
“The benefits of cloud computing for businesses can be substantial, but companies will always be held responsible for protecting private and sensitive customer information, regardless of where it resides,” said Willy Leichter, vice president of cloud security for CipherCloud. “Our solutions enable organizations to adopt the cloud, while maintaining visibility and control over sensitive data—key requirements for complying with the new GDPR regulations.”