Addressing User Access in IT Security Compliance | IS Decisions
The risks of non-compliance are not worth taking. You face fines and even imprisonment — not to mention that non-compliance could lead to a serious data breach that might ultimately lose you clients and damage your reputation.
But addressing the murky waters of compliance has never been an easy task, and as regulators add more demands, the task gets ever more complex.
Regulators are placing more importance on the user side of security and are strengthening compliance requirements accordingly. For example National Institute of Standards and Technology Special Publication (NIST) 800-171 state that multifactor authentication should be used to identify user accounts for local and network access, The Payment Card Industry Data Security Standard (PCI DSS) and the Financial Conduct Authority (FCA) state that access to data should only be on a ‘need-to-know basis. The Health Insurance Portability and Accountability Act (HIPAA) in healthcare and the Federal Information Security Management Act (FISMA) in the legal sector both state that user actions must be identifiable to an individual. The Gramm-Leach-Bliley Act (GLBA) requires all employees to log out of their workstation when they leave at the end of the day.
The list goes on.
How UserLock can help you address compliance
Compliance requirements are rigorous and detailed for a reason — to protect you. Therefore, your defenses need to be equally rigorous.
UserLock helps you to go above and beyond many compliance requirements with specific, granular, and configurable user authentication rules and monitoring.
For example, UserLock makes it easy to verify the identity of all Active Directory accounts with multifactor authentication on all local and remote access connections. Once authenticated, UserLock’s logon restrictions help further verify all users’ claimed identity and secure network access. It can restrict access to administrator-approved individuals on a job-role, device, workstation, time or location basis — so that only those who need access have access. And administrators can set UserLock to automatically log out workstations after a period of inactivity or at the end of the working day to close off windows of opportunity for attackers.
These features portray but a few of UserLock’s capabilities when addressing user security compliance issues — and we continually update the software to address the latest compliance requirements worldwide. In essence, UserLock helps you to ensure that your data remains safe, your clients remain happy, your business is safe from fines, and your executives stay out of prison.
Learn More about IS Decisions
UserLock presents a 2FA solution that is both secure and easy to use. The latest version of the software has just been released, and now allows you to apply 2FA to VPN connections. UserLock integrates seamlessly with Active Directory to facilitate the implementation of multi-factor authentication across an organization.
UserLock supports MFA via authentication applications that include Google Authenticator, Microsoft Authenticator and LastPass Authenticator, or programmable hardware tokens such as YubiKey and Token2.