Top 10 privacy protection tools for the enterprise
As technology evolves and Internet-connected smart devices become more and more common, many new privacy regulations are being enacted to protect us. One such is the GDPR, or General Data Protection Regulation. While the GDPR is European legislation, it also affects anyone who does business with Europe.
In this article, we will look at a selection of top tools you can use to safeguard the privacy of your users’ personal data and achieve and maintain GDPR compliance.
What should you learn next?
The below are subjective suggestions but will give you an idea of what top vendors can offer you in their market segment. Remember: because enterprise software can be categorized by business function, categories may sometimes overlap.
Some of the considerations you need to take into account before investing in privacy protection software include the size of your organization, how sensitive your data is, and the potential cost of a security breach for your company. Use the list of features in each tool category to further explore alternative vendors and find the best solution for your organization.
Tip: Before you do anything else, you should do a Privacy Impact Assessment (PIA). Enterprise-level privacy protection tools do not come cheap. A PIA will help you to make an informed decision about the level of privacy protection you need. It will also help you to identify what you need to do to become GDPR-compliant. A Data Protection Impact Assessment (DPIA) is mandatory for GPDR compliance if processing “is likely to result in a high risk to individuals.” The UK’s Information Commissioner’s Office (ICO) has a checklist to help you to decide when to do a DPIA.
Top 10 privacy protection tools
Data Loss Prevention (DLP)
These tools provide functionality to detect and prevent data vulnerability. There are seven protection features you should look for when choosing a DLP tool:
- Network: Analysis of network traffic
- Data identification: Identification of sensitive information
- Endpoint: Control of information flow between users and devices
- Data leak detection: Detection of location of unauthorized data
- Data at rest: Monitoring of archived data
- Data in use: Monitoring of data currently in use by user
- Data in motion: Monitoring of data currently flowing through the system
CheckPoint’s Data Loss Prevention Software Blade
- Real-time remediation of suspected breaches
- Scans and secures SSL/TLS encrypted traffic
- Scans file repositories of sensitive files and identifies when a file from a repository (or part of it) leaves the organization
- Wide coverage of traffic transport types – such as SMTP, HTTP and FTP data – to protect data in motion
- User-friendly policy management portal
- Identifies sensitive data like Personally Identifiable Information (PII), compliance-related data (HIPAA, SOX, PCI) and confidential business data
- Can be installed on any Check Point Security Gateway
Alternatives
Endpoint Protection
Endpoint security software protects a TCP/IP network by monitoring gateway access requested by devices, e.g. computers, phones, printers, POS terminals, etc. Security features usually include:
- Malware threat detection
- Activity monitoring
- Data encryption
- Patching, and remedial responses to breaches and alerts
Kaspersky Endpoint Security for Business Advanced
- Vulnerability assessment and patch management help eliminate security vulnerabilities
- Automates the creation, storage and cloning of system images
- Host-based Intrusion Prevention System (IPS) blocks attacks and controls what applications can run on network
- FIPS 140.2 certified encryption can help achieve GDPR compliance
- Forthcoming launch of transparency centers will allow partners to access and provide independent reviews of code
- Automatic rollback to undo most malicious actions
- One product with one license pricing model
Alternatives
Symantec Endpoint Protection 14
Malwarebytes Endpoint Security
Mobile Device Management (MDM)
Enterprise mobility management software is the answer to administering mobile devices and managing the BYOD security issues organizations face. It usually integrates with other device-specific management solutions. The tool you select should include the below features:
- Enforce passwords and data encryption
- Enforce company policies
- Block unknown devices
- Distribute antivirus and other malware software and filters
- Remote-manage devices, e.g. lock or wipe them
- Integrate with email client
- Secure browsers
- Support containerization
- Application configuration
- Remote messaging and communication
- VPN configuration
- Enables users to self-activate devices
- Deploys to devices automatically or to an enterprise app catalog for on-demand install
- Enforces passcodes and identifies history requirements
- Enables device-level encryption, data encryption, and hardware security policies
- Prevents data loss with app sharing permissions, copy/paste restrictions, and geo-fencing policies
- Configures organization security policies
- Automates remediation of threats with remote lock, device wipe or customizable quarantine controls
- Provides full visibility of endpoints from admin console
- Exports deployment analytics to third-party business intelligence (BI) solutions with DataMart integration
- Allows remote commands and controls to troubleshoot devices
Alternatives
Encryption Software
Because there are so many products available, encryption software is often categorized by the type of cipher used (e.g. public key or symmetric key), or by its purpose (e.g. data at rest or data in motion.) Depending on your needs, some of the key features to look out for include:
- Endpoint encryption
- Centralized management portal
- Key management
- Authentication
- Integration with other security tools
McAfee Complete Data Protection—Advanced
- Enterprise-grade drive encryption, or native encryption management for Apple FileVault on Mac OS X and Microsoft BitLocker for Windows Business
- ePolicy Orchestrator (McAfee ePO) management console to enforce organization policies
- Proves compliance with internal and regulatory privacy requirements
- Automatically encrypts files and folders before they move through and outside organization. Encrypts files to cloud storage services such as Dropbox, Google Drive and Microsoft OneDrive
- Protection for data at rest and in motion
- Prevents unauthorized system access and renders data unreadable in the event of device loss or theft with full-disk encryption and access control
Alternatives
Use case-specific products from Symantec
IBM Guardium for File and Database Encryption
Identity and Access Management (IAM)
Securing users’ personal data means ensuring that only authorized people are able to access it. Your IAM solution should include the following functionalities:
- Password and access manager
- Workflow automation
- Provisioning
- Single sign-on
- Multi-factor authentication
- User repository management
- Security analytics
- Role-based access control
IBM Security Identity and Access Assurance
- Includes IBM Security Access Manager, IBM Security Identity Governance and Intelligence, IBM Security Privileged Identity Manager, IBM Directory Suite and IBM Security QRadar Log Manager packages
- Policy-based access control validation and enforcement for sensitive data
- Automates user provisioning, monitoring and reporting on access activity throughout the user lifecycle, and audits use of privileged access credentials to manage compliance
- Access risk assessment and automated mitigation
- Collects and aggregates data into actionable IT forensics
- Directory Suite helps provides a single authoritative identity source
Alternatives
IAM products from Core Security
Consent Management Applications
In order to comply with the GDPR, all businesses that process EU user data must log users' consent to collecting their data and allow them to revoke their consent at any time. The regulation also requires businesses to notify users about how their data will be used, and if their data has been breached. Features that will help businesses comply include:
- Real-time view of compliance status with privacy regulations
- Audit trail
- Centralized consent database to demonstrate compliance
- Integration with existing systems, e.g. CRM and CMS systems
- Integration with multiple data collection points, e.g. web and paper forms, mobile apps, email and support calls
One Trust Universal Consent and Preference Management
- Integrates into existing marketing and IT technologies
- Centrally maintains a consent audit trail to help demonstrate accountability with regulations
- Consent is recorded and centrally stored using the OneTrust SDK, REST API or via bulk data feed import
- Reduces blanket withdrawal of consent by offering the option to opt-down or adjust the frequency, topic and content
- Multilingual with deployment flexibility in EU or U.S. cloud, or on-premise with the ability to migrate
Alternatives
BraveGen Consent Management Software System
Compliance Software
Compliance software should include the following features:
- Controls and policy library
- Remediation and exception management
- Sensitive data evaluation and identification
- Risk evaluation analysis
- Breach notification
Touted as "the ultimate GDPR compliance toolkit," Privacy Perfect features include data-protection impact assessments, processing activities (including transfers) and data breaches (including breach notifications to supervisory authorities and data subjects).
- Overview of personal data flows within your organization
- Risk-identification tools
- Shows which data are used for what purpose
- Report internally to customers and data-processing authorities
- Easily report data breaches
- Tools especially designed for Chief Privacy Officers (CPO)
Alternatives
Salpo GDPR Compliance Assistance tool
Tech Democracy’s Intellicta Platform
Customer Data Management (CDM) platforms
To enable enhanced privacy options for your customers and clients, customer data management platforms should provide functionalities to make it easy for you to comply with data privacy regulations:
- Offer opt-in or opt-out choices to online visitors
- Support for enabling Do Not Track by third parties
- Conformance with geo-based compliance regulations
- Manual and automated domain privacy audits
Ensighten Real-Time Data Privacy Enforcement
- Enforcement of data collection consent over all tags, not just those added via a TMS
- Enforces compliance with visitor consent preferences
- Privacy audits to review tags for privacy and security compliance, piggybacking of unauthorized tags, data vulnerabilities, industry affiliations and opt-out availability
- Implemented through a single line of code
- Whitelist and blacklist service allows you to only share data with trusted vendors
- Create separate environments for each region to comply with regional privacy regulations
- Get a real-time view of your digital data supply chain
- Deliver customizable customer consent overlays directly onto web pages
Alternatives
Tellium Privacy and Data Protection
Quick Pivot Customer Data Platform
Data backup and recovery solutions
The GDPR reintroduces the concept of the “right to be forgotten,” which requires that organizations erase a user’s personal data if they withdraw their consent for it to be used. This includes an individual’s historical data. Features to look out for if you want to be GDPR-compliant:
- Compliance reporting
- Recoverability reporting
- Ability to restore data
- Ability to define and manage data retention policies
- Search functionality that enables administrators to find specific data
- Roles-based access control
- Data encrypted in-motion and at-rest
- Threat alert and notifications
- Ability to erase data completely if a user withdraws their consent for its use
- Optimizes storage with deduplication
- Single solution to simplify backup and disaster recovery across your databases — from local servers to the cloud
- Easy access to search and restore messages
- Business files stored in third-party file-sharing applications can be protected in a secure, searchable and centralized virtual repository
- Self-service recovery portal accessible from any web browser or mobile device
- Protected files are hosted in a centralized virtual content repository, where access policies and permissions can be set and customized for individual users
- Encryption at source, in motion and at rest
- Vendor-neutral solution
Alternatives
Enterprise Content Management (ECM)
ECM covers the management of all content through creation to disposal:
- Intelligent encryption of PII data
- Enforcement of policy rules
- Access control and permission management
- Management of sensitive data movement out of the company
- Auditing and reporting
- Enablement of secure content collaboration
- Document management, e.g. versioning, search and organization
- Secure storage
- Critical information like personal data and documents are protected at every state: while at rest, while in use and while in transit between servers
- Granular rights access management provides control over exactly who can access information and what they can do with it
- Upholds individual privacy rights by securely storing, protecting and destroying information
- Fully-automated records management process, from document creation to record declaration, through final disposal/removal
- Configurable workflow automation and case management functionality to streamline GDPR compliance-related processes
- Automatic distribution of policies, digital confirmation by recipients and reports of acknowledgments and delinquencies
- Comprehensive auditing which can be made available to external auditors via a secure website
Alternatives
Amplexor Enterprise Content Management
Kefron Electronic Content Management System
Learn more about data privacy
Browse InfoSec Institute resources for more information on what you need to know about security and users’ privacy, and the GDPR and compliance:
- Technologies for Conducting Privacy Compliance Assessments
- User Privacy: The Price Paid
- PII And PHI Overview: What CISSPs Need To Know
- A Brief Guide to GDPR Compliance
Sources
- Data protection, European Commission
- Data protection impact assessments, ICO
- The EU Proposal for a General Data Protection Regulation and the roots of the ‘right to be forgotten,’ ScienceDirect