Many organizations, such as those operating in healthcare, government or public utilities, are subject to strict regulations that are diligently enforced. Even groups working well outside those realms are often bound by technical rulesets, such as the Payment Card Industry Data Security Standard (PCI DSS), which is contractually required of any entity that stores, processes or transmits cardholder data, or the new General Data Protection Regulation (GDPR), which governs how the personal data of individuals in the European Union may be collected, stored and processed, regardless of where the organization handling it is based. Even groups that escape all forms of mandated regulation can draw on best-practice guidance such as the NIST Cybersecurity Framework to improve their security posture.
There are important distinctions between compliance and security. The two are meant to be mutually supporting, with compliance rules put in place to establish a reasonable security baseline. But it is possible to be fully compliant with every applicable regulation and still not be adequately secure: a control can be in place and documented yet misconfigured, bypassed or simply insufficient against the threats the organization actually faces. The reverse is also true. An organization with deep, well-engineered security that is nonetheless not technically in compliance will, should a data theft occur, likely still be held responsible, sometimes financially, because of the compliance gap rather than the breach itself.
And just as compliance and security are related but distinct, so are the skill sets needed to implement them. An organization can have a deep IT or cybersecurity staff that is nonetheless unfamiliar with compliance work, or unpracticed at determining exactly which regulations apply to it and which controls each one requires.
That is where the Intellicta Platform from TechDemocracy comes in. The platform works much like a security information and event management (SIEM) console, but for compliance rather than security events. Installed as either an on-premises or cloud-based console, it pulls information from a set of network collectors and correlates that data into a continuously monitored compliance dashboard.
Setup and configuration
Setting up the platform on a network involves linking the console to data collectors, which can draw from almost any source that might bear on a compliance requirement: physical access control servers, Active Directory, firewalls, Hadoop data stores, application servers, customer databases and so on. Pricing is based on the number of collectors needed to obtain a complete picture of the network, and TechDemocracy assists with the deployment so that no relevant data source is missed. The entire process takes about two to three weeks, depending on the size of the network to be monitored.
Once the collectors are in place, the platform must be told which compliance rules to track. It ships with the major compliance rulesets preloaded, so standards such as HIPAA for healthcare or PCI DSS for retail can be enabled in a few minutes. With those in place, administrators can also define their own compliance rules, such as requiring biometric building access as a control within a human resources management system.