Secure your Enterprise Data Storage

MetaDefender for Secure Storage

Regulatory Compliance

How does OPSWAT minimize your compliance risk?

Regulatory requirements mandate the privacy and security of sensitive customer data.

OPSWAT checks for any sensitive data that might be inadvertently exposed or maliciously targeted. Role-based, need-to-know access (including ‘read only’) minimizes violations of data privacy laws. Our products alert you to misuse, giving you visibility into suspicious or careless activity by your users. If this activity went undetected, it could put your organization at risk and result in significant regulatory fines and reputational loss.

OPSWAT provides an advanced suite of technologies to help meet and exceed the mandated regulatory requirements, including industry-leading Multiscanning from 30+ anti-virus engines, Deep CDR (Content Disarm and Reconstruction) for sanitization of all files, and Proactive Data Loss Prevention to detect and block sensitive data.

Sensitive Data Protection

Sensitive data block

Detect, redact, or block sensitive data with OPSWAT’s Proactive DLP (Data Loss Prevention) technology and prevent potential data breaches and regulatory compliance violations.

Automated reporting and remediation for sensitive data loss. Content-check 40+ common file types for confidential data and personally identifiable information (PII), including credit card numbers and social security numbers.

Monitor and log user actions for audit compliance.

Compliance Risk Mitigation

MetaDefender for Secure Storage helps you implement security policies (including role-based, need-to-know and read-only access to prevent and contain unauthorized changes) and best practices to minimize data breach risks and violations of privacy laws and standards. The easy-to-implement solution enables you to secure content and block any potential data loss risks, helping you deliver on your share of the responsibility under the ‘Shared Security Responsibility Model’ advocated by cloud storage providers.

| Compliance type | Regulation / Standard | Types of data protected |
| --- | --- | --- |
| Industry-specific regulations have specific requirements to protect sensitive data from unauthorized access | PCI DSS (Payment Card Industry Data Security Standard) - Any entity that processes, stores or transmits cardholder data, such as merchants or payment card processors, is required to comply with PCI-DSS. | credit card number; security codes; address |
| | HIPAA (The Health Insurance Portability and Accountability Act of 1996) - Healthcare providers, insurance providers and their business associates with access to patient health information (PHI) are required to comply with HIPAA. | email; date of birth; phone number; passport number; medical record number |
| | NERC CIP (North American Electric Reliability Critical Infrastructure Protection) - Out of the dozen plus NERC standards developed to protect critical infrastructure, the Critical Infrastructure Protection (CIP) standard is the most relevant for secure storage of critical systems information. | security procedures or security information about BES Cyber Systems; collections of network addresses; network topology of the BES Cyber System |
| Privacy laws and regulations require organizations to guard against the unauthorized access, storage, and misuse of personal data | GDPR (General Data Protection Regulation) - The European Union guidelines mandate how organizations process and store customer data. | social security number; date of birth; phone number; address |
| | CCPA (California Consumer Privacy Act) - Grants California consumers the right to request their personal data is not sold to third parties. | date of birth; phone number; address |

In addition, storage-industry-specific standards and non-profit industry watchdogs provide in-depth guidance for a wide variety of storage systems.

| NAME | DESCRIPTION |
| --- | --- |
| ISO27040 (a subset of ISO27001 for Storage Security developed by the International Organization for Standardization) | This standard explores storage security risks and provides best practices for the entire life cycle of securing data and information stored in physical and virtual storage. It provides controls for designing and auditing storage virtualization, data confidentiality and integrity, data retention, data reliability, and data availability and resilience. |
| SNIA (Storage Networking Industry Association) | The mission of SNIA is “to lead the storage industry in developing and promoting vendor-neutral architectures, standards and educational services that facilitate the efficient management, movement and security of information.” |
| FISMA (Federal Information Security Management Act of 2002) | Requires federal agencies to implement a cybersecurity program that promotes a set of high-level best practices, such as creating an inventory of IT assets, utilizing security controls, and continuously monitoring for risks. |

Risks of non-compliance include:
  • Fines ranging from thousands of dollars to millions on the high end.
  • Penalties that could include higher transaction fees, termination of contracts and relationships.
  • Loss of reputation, susceptibility to lawsuits.
  • Some violations carry criminal charges that can even result in jail time.
  • Inability to compete in government/state/local contracts that require compliance with data storage regulations and standards.