I arrived at Dell World in Austin Texas on November 4. For the record, I was not a Dell customer attending a Dell customer event—an outsider of sorts, not to say that I didn’t feel welcome. The famous Texas hospitality was more than evident!
Luckily I was able to select conference sessions ahead of time, as the selection was massive. Naturally, I gravitated towards any sessions that revolved around information security.
I attended a session which discussed compliance from a user’s perspective… how to effectively achieve it on your own, or as I like to call it “How to make the auditor happy.”
Data breaches are rampant… almost commonplace in this day and age. A week rarely goes by without at least one large corporation in the news for losing personally identifiable information due to inadequate security controls. Information security awareness is higher than it’s ever been, but understanding complex compliance requirements is an intimidating endeavour to say the least. Many users are starting to self-assess (even if not officially required to), but eventually get bogged down by the technical details and jargon. Hiring a security auditor is always an option, but many lack the financial resources to do so. Being able to attend sessions like these at Dell World is a great benefit to both its users and partners.
Here are some of the key takeaways from the discussion:
1. How to manage by automation
- Administer and revoke access rights and permissions
- Implement best-practice compliance reporting
- Protect, retain and retrieve data for on-the-fly investigations
- Enforce compliance with company policies across desktops, laptops, etc.
2. How to remediate by changing the way you operate
- Implement preventative controls
- Establish policy over accounts, privileges and resources
- Establish perimeter boundaries through application control and visibility
3. How to think like an auditor
- Track security and performance indicators
- Audit and report on user activity
- Perform checks for segregation of duties
- Enable real-time alerts
- Establish Security and Compliance awareness training
- Analyze access rights and permissions to critical data
- Determine configuration settings and set baselines
There were numerous opportunities for me to reveal myself as a PCI Qualified Security Assessor during the session, but I decided to stay quiet in order to hear unbiased opinions from the attendees.
I wasn’t disappointed. The questions from the audience were thoughtful and challenging. They know too well that the real world often gets in the way when it comes to implementing adequate security controls, but at the same time they are taking compliance seriously.
It warms this auditor’s heart. Well done Dell.
This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. To learn more about tech news and analysis visit Tech Page One. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.