Addressing User Access in IT Security Compliance

The risks of non-compliance are not worth taking. You face fines and even imprisonment — not to mention that non-compliance could lead to a serious data breach that might ultimately lose you clients and damage your reputation.

But addressing the murky waters of compliance has never been an easy task, and as regulators add more demands, the task gets ever more complex.

Regulators are placing more importance on the user side of security and are strengthening compliance requirements accordingly. For example, National Institute of Standards and Technology (NIST) Special Publication 800-171 states that multifactor authentication should be used to identify user accounts for local and network access. The Payment Card Industry Data Security Standard (PCI DSS) and the Financial Conduct Authority (FCA) state that access to data should only be on a ‘need-to-know’ basis. The Health Insurance Portability and Accountability Act (HIPAA) in healthcare and the Federal Information Security Management Act (FISMA) in the legal sector both state that user actions must be identifiable to an individual. The Gramm-Leach-Bliley Act (GLBA) requires all employees to log out of their workstation when they leave at the end of the day.

The list goes on.

How UserLock can help you address compliance

Compliance requirements are rigorous and detailed for a reason — to protect you. Therefore, your defenses need to be equally rigorous.

UserLock helps you to go above and beyond many compliance requirements with specific, granular, and configurable user authentication rules and monitoring.

For example, UserLock makes it easy to verify the identity of all Active Directory accounts with multifactor authentication on all local and remote access connections. Once authenticated, UserLock’s logon restrictions help further verify all users’ claimed identity and secure network access. It can restrict access to administrator-approved individuals on a job-role, device, workstation, time or location basis — so that only those who need access have access. And administrators can set UserLock to automatically log out workstations after a period of inactivity or at the end of the working day to close off windows of opportunity for attackers.

These features are but a few of UserLock’s capabilities for addressing user security compliance issues — and we continually update the software to address the latest compliance requirements worldwide. In essence, UserLock helps you to ensure that your data remains safe, your clients remain happy, your business is safe from fines, and your executives stay out of prison.

Chris Bunn is the Directeur Général Adjoint of IS Decisions, a global cybersecurity software company, specializing in access management and multi-factor authentication for Microsoft Active Directory environments and the cloud.