GDPR compliance: Protecting the most critical layer of your enterprise security.
  • GDPR compliance: Protecting the most critical layer of your enterprise security.

The European Union's General Data Protection Regulation (GDPR) will come into effect on May 25, 2018. The GDPR stands to be one of the most comprehensive frameworks of its kind and is a true game changer for organizations not just within the EU, but all over the world. While there is no single strategy that can help you comply with the GDPR, the purpose of the regulation is very clear: to strengthen personal data protection for EU citizens and residents.

According to the GDPR, the term personal data refers to any information which directly or indirectly helps identify a "Data Subject" (i.e., a natural person). Organizations today collect, store, process, and transmit large volumes of personally identifiable information and thus need to enforce stringent access controls to comply with the GDPR.

A multi-layered approach to info security.

In today's connected world, conventional data protection techniques, ones where the focus is on restricting the physical location of data, just won't cut it. An incredibly large volume of personal data is collected, stored, processed, and transmitted every day, and businesses need to look for more progressive solutions to safeguard stored information or information that is in transit. The most highly-recommended and widely-adopted technique is following a layered approach to information security, a combination of multiple security strategies which offset one another's capability to protect personal data, thus ensuring tighter security.

Public key infrastructure (PKI), a system which provides data security through encryption and authentication, forms one of the most crucial parts of this layered security model. Digital keys and certificates are at the heart of PKI. These are digital identities which protect access to critical systems and ensure strong encryption of personal data. Securing these digital identities is one important aspect that every organization should consider in their journey to become GDPR-compliant.

However, managing SSH keys and SSL certificates puts forth the following challenges:

  • In many organizations, there's no mechanism to centrally track the creation and deployment of SSH keys, which results in key duplication and the proliferation of unmonitored keys within the network. It's completely possible that these keys may end up in the wrong hands.
  • It's important to ensure that SSH keys are rotated periodically to prevent misuse. But manually rotating keys without proper visibility over the SSH environment is cumbersome and error-prone.
  • Similarly, SSL certificates in your network need to be continuously monitored and their expiration dates need to be tracked. With a large number of certificates in use, it's hard to track certificate usage and expiration without automation.

Key Manager Plus provides visibility and control over SSH and SSL environments.

ManageEngine Key Manager Plus is a web-based key management solution that automates and manages the entire life cycle of SSH keys and SSL certificates. SSH keys and SSL certificates protect critical business systems and applications that handle the personally identifiable information of any EU clients. Key Manager Plus helps admins discover, deploy, map, rotate, and monitor the SSH keys and SSL certificates used in their enterprise as well as enables secure, key-based access to critical systems.

With Key Manager Plus you can:

  • Discover and consolidate all the SSH keys in your network.
  • Create and deploy new keys to target servers.
  • Launch secure SSH sessions centrally.
  • Get a holistic view of key-user relationships within your organization.
  • Discover and consolidate all the SSL certificates within your network.
  • Centralize certificate requests to be sent to trusted CAs.
  • Deploy SSL certificates acquired from trusted CAs to their corresponding endpoint servers.
  • Identify and remediate configuration vulnerabilities post-deployment. 
  • Continuously monitor and track SSL certificates for expiration.

Disclaimer:

Fully complying with the GDPR requires a variety of solutions, processes, people, and technologies. Securing encryption keys and certificates is one strategy that helps organizations protect personally identifiable information, and together with other appropriate solutions and strategies, Key Manager Plus helps you reinforce data security and comply with the GDPR. This material is provided for informational purpose only and should not be considered as legal advice for GDPR compliance. ManageEngine makes no warranties, express, implied, or statutory, as to the information in this material.