Anyone questioning the importance of IT asset visibility in an organization’s security and compliance postures ought to review the EU’s General Data Protection Regulation (GDPR), which goes into effect next year.
With the severe requirements the GDPR places on how a business handles the personal data of EU residents, it’s clear a comprehensive IT asset inventory is a must for compliance.
Specifically, companies must know what personally identifiable information (PII) they hold on these individuals, where it’s stored, with whom they’re sharing it, how they’re protecting it, and for what purposes it’s being used.
In this second installment of our blog series on GDPR readiness, we’ll explain why organizations need full visibility into all hardware and software involved in the processing, transmission, analysis and storage of this PII, so they’re able to protect it and account for it as required by the regulation.
The Challenge of Asset Visibility
Stringent, unforgiving regulations like GDPR, combined with increasingly hybrid, distributed and decentralized IT environments, are creating a perfect storm for many IT and InfoSec teams: While their security and compliance challenges get thornier, the visibility of their organizations’ IT assets becomes fuzzier.
Flying blind exponentially increases the risk of getting hacked and of running afoul of regulations, because you can’t secure, or defend yourself from, what you can’t see. So in this age, more than ever, it’s key to have complete visibility of your IT environment and a detailed inventory of all your assets.
With GDPR, if you can’t monitor and properly protect customers’ PII, you could face catastrophic penalties, including fines of up to 4% of your organization’s annual revenue.
Regain IT Asset Visibility with Qualys
Qualys’ asset inventory service automates collection and categorization of IT, compliance, and security data, which is fed into its cloud platform for aggregation, indexing, correlation, and analysis.
To continuously collect and update this data, Qualys uses a variety of sensors, including:
● Physical and virtual appliances that scan IT assets located on-premises, in private clouds, or in virtualized environments
● Cloud appliances that remotely scan your infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) instances in commercial cloud computing platforms
● Lightweight, all-purpose cloud agents installed on IT assets that continuously monitor them
Qualys’ asset visibility capabilities include:
● Complete visibility of your IT environment
Full horizontal visibility of all hardware and software, scaling up to millions of assets — on-premises, in cloud instances, and on mobile endpoints.
● Deep visibility into assets
Detailed, multidimensional view of each IT asset that includes both its IT and security data, so you can flag issues such as configuration problems, security risks, IT policy violations and regulatory non-compliance.
● Continuous and automatic updates
An IT asset inventory loses its value if its data gets stale: New vulnerabilities are disclosed every day. Old ones can suddenly become more dangerous. A laptop can quickly go from secure to compromised. Qualys continuously updates all asset inventory data.
● Asset criticality rankings
Not all assets carry the same weight within your organization. Qualys lets you tag your assets, so you put relevant labels on them in the inventory and organize them in multiple ways.
● Interactive, customizable dashboarding and reporting
It’s essential to graphically display and document IT inventory data so that you can act on insights and prevent and address threats. Interactive, customizable dashboards and powerful reporting capabilities let you visualize and share the security, configuration and compliance status of IT assets. Search capability lets you fire off ad hoc queries against the inventory database.
● Integration with your CMDB
IT asset inventory solutions must link up with your CMDB (configuration management database) and continuously feed it fresh, detailed data, so the CMDB can better map the relationships, hierarchies and dependencies among IT assets. The Qualys app for ServiceNow CMDB automatically syncs data from Qualys with the ServiceNow configuration management system.
In summary, Qualys gives you a comprehensive, detailed and continually updated inventory of all your IT assets, hardware and software, wherever they reside: on-premises, in the cloud, or on mobile endpoints. This inventory combines a complete “horizontal” list of IT assets with deep “vertical” details for each asset, including hardware specs, installed software, network connections, approved users, applied patches, and open vulnerabilities.
Fine-Tune Your IT Asset Visibility with Qualys for GDPR Compliance
With this expansive and complete view, you can see the internal IT asset landscape where all your customers’ data is stored, processed, accessed and transmitted. With this foundation, you can start to gain a clear understanding of the many moving parts involved in collecting and processing PII. As you identify, document and map these data flows, you can further develop your GDPR readiness efforts accordingly.
Read Other Posts in the Countdown to GDPR Series:
- Reduce Your Risk
- Prioritize Vulnerability Remediation
- Assess Vendor Risk
- Manage Vulnerabilities
- IT Policy Compliance
To learn more about how Qualys solutions can help you become compliant, visit qualys.com/gdpr where you can download our free GDPR guide and watch our GDPR webcast.