Partners

Softcat work with a range of partners that can provide solutions to help you move towards GDPR compliance.

Find out more about our GDPR partners

Learn More

Close

Open

Close

AlienVault and GDPR

Purchasing and managing several point security solutions to prepare for GDPR compliance is costly and complex for resource-constrained security teams.

AlienVault's Unified Security Management (USMTM) eases and accelerates GDPR compliance readiness by combining multiple essential security capabilities you need to demonstrate compliance into one unified, affordable solution. AlienVault USM delivers asset discovery and inventory, vulnerability assessment, intrusion detection, behavioural monitoring, SIEM, log management, and integrated threat intelligence—all in a single pane of glass.

Within one solution for security monitoring and compliance management across your cloud and on-premises infrastructure, AlienVault USM helps you to prepare to meet GDPR compliance requirements quickly, easily, and affordably.

With AlienVault USM, you can:

  • Demonstrate that you regularly test, assess, and evaluate security practices with built-in asset discovery and vulnerability assessment capabilities
  • Prepare for forensic investigation with log retention and management
  • Monitor your critical systems and services with network intrusion detection (NIDS), host intrusion detection (HIDS), and cloud intrusion detection (CIDS)
  • Stay in line with security best practices through threat intelligence updates continuously built into the product by security experts


AlienVault supports us with...

Starting on Day One, AlienVault USM supports GDPR compliance readiness by helping you detect data breaches, monitor data security, and document your compliance readiness. With complete security visibility from a single, unified solution, you can identify vulnerabilities before they affect personal data and easily monitor your environments for potential intrusions.

Open

Close

Barracuda and GDPR

The imminent implementation of GDPR presents challenges to organizations of all sizes. But these challenges also represent an opportunity to evaluate and improve your strategies for securing data in all forms and across all your network surfaces.

Barracuda solutions can help ease your GDPR compliance by securing personal and business data, preventing data breaches, and providing powerful reporting features that allow you to deliver breach notifications when required.

  • Secure personal data with state-of-the-art technology

Barracuda provides integrated security solutions that employ state-of-the-art security and data protection across multiple threat vectors. The solutions can be deployed across on-premises, private, and public cloud environments, to protect your data with consistent security policies that are centrally managed from a single pane of glass.

  • Prevent data breaches and data loss

Barracuda provides solutions that are able to inspect outbound network traffic for signs of malicious activity. They prevent spyware, keyloggers, and other malware from transmitting sensitive data outside the network. They are designed specifically for highly distributed, cloud-connected networks, to help you prevent breaches even as your hybrid infrastructure evolves and changes.

  • Providing breach notifications

Barracuda user-friendly security solutions provide detailed logs, reports, and dashboards that include information about users, IP addresses, geography, websites, applications, threats, severity, audit logs and more. This makes it straightforward to create detailed and required notifications if a breach occurs.


Barracuda supports us with...

Barracuda NextGen Firewalls are purpose-built for highly distributed and cloud-connected environments.

Barracuda Web Application Firewalls identify and remediate your website and web application vulnerabilities using comprehensive reverse-proxy-based protection.

Barracuda Backup creates secure, redundant, real-time, 256-bit AES encrypted backup of your offsite replicated data.

Barracuda Message Archiver is a cloud-connected email archiving solution that captures and securely stores an unmodified copy of every message at the time it is sent or received.

Open

Close

BlackBerry and GDPR

BlackBerry has a portfolio of tools and services that can help organisations manage their way through GDPR compliance.

  • BlackBerry Enterprise Mobility Suite provides a flexible approach to services that offer security and productivity while helping maintain compliance with GDPR. As an organisation's needs evolve the Enterprise Mobility Suite provides the ability to add more capabilities as needed.
  • BlackBerry Workspaces gives your organisation visibility and control of corporate, customer, and personal data to comply with GDPR.
  • BlackBerry provides a full range of cyber-security consulting services and can help you plan, deploy and manage your GDPR project.


BlackBerry supports us with...

BlackBerry Workspaces allows you to have full control of files shared internally and externally. You decide who gets access, for what purposes and for how long and it also allows you to dynamically revoke access to affected files at all time.
BlackBerry UEM allows you to manage and control the mobile endpoints used in your company. You can secure data access and storage on the endpoint. You can remotely delete affected endpoints to make sure no PII is compromised.

Open

Close

Blancco and GDPR

The new regulation stipulates that organizations must adhere to customers’ ‘Right to Erasure.’ This right covers five main principles:

  • Individuals can request their data to be erased.
  • Companies must provide proof of erasure of the individual’s data.
  • Companies can only keep an individual’s data to comply with retention policies or other acceptable reasons (reversing the burden of proof).
  • In order for organizations to retain information, individuals must provide explicit consent.
  • Companies must provide evidence of individuals providing this knowing consent.

Blancco Data Eraser solutions help organizations easily enforce data removal policies with end-of-life requirements to comply with EU GDPR’s ‘right to be forgotten’ through absolute data sanitization of IT assets and a 100% tamper-proof audit trail. Blancco is certified, approved and recommended by 18 national and international governing bodies, making it the #1 data erasure software solution in the world.


Blancco supports us with...

Permanently and irreversibly erase data on storage devices. Guarantee the data is unrecoverable, even with the use of advanced forensic tools. With Blancco Data Eraser solutions, you can prove data sanitization with the 100% tamper proof, audit-ready reporting.

When looking at best practices for EU GDPR compliance, it’s important to define where your data is stored, understand the business value, then establish data retention policies to store and, ultimately, erase the data. By incorporating data sanitization policies with Blancco Data Eraser, enterprises can maximize compliance with EU GDPR.

How does Blancco help organizations comply with data security regulations, such as the EU GDPR?

Organizations around the world are struggling with the best method for data sanitization across every IT asset. Data erasure is a data sanitization method recommended by Gartner, NIST and ISO. Wiping of data to certain standards will only go so far. And, most enterprises need an audit trail to prove compliance to data retention and sanitization. Blancco Data Eraser works across the entire enterprise and lifecycle of every IT asset. We support organizations by assisting in the development and enforcement of data removal policies to prove compliance and achieve the highest level of data sanitization across every device and stage of the data.

What differentiates Blancco from its competitors?

As the global innovator in data erasure, Blancco is able to help highly-regulated enterprises achieve compliance with strict industry standards to achieve absolute data sanitization of all IT assets, from mobile devices, to data centres, to virtual machines. Our patented SSD erasure process means organizations now have a secure method to erase data on storage devices – regardless of underlying technology – in a cost-effective, secure and eco-friendly manner.

Blancco data erasure software erases to 22 standards and provides comprehensive, tamper-proof reports to meet security and regulatory compliance requirements.

Open

Close

Check Point and GDPR

The European Union's General Data Protection Regulation ("GDPR") is a game changer for data protection. Its broad scope applies to any organization worldwide that handles any EU citizen's private information. It imposes an extensive list of protections on that data, limitations on how it is used, and customer notifications and consent in a wide range of situations. Crucially, GDPR mandates significant penalties for non-compliance. GDPR takes effect in mid-2018, which means organizations need to start planning their strategy for compliance now. Check Point solutions enable organizations to take immediate steps towards compliance with minimal impact to applications and operations.


Check Point supports us with...

Until GDPR implementation guidelines and certification standards are better established, organizations can leverage existing methodologies that are based on a risk-based approach. Check Point's Software Defined Protection (SDP) is such a model. The SDP architecture uses a three-tiered security approach that partitions the security infrastructure into three interconnected layers.

Open

Close

Cisco and GDPR

Cisco has a unique position with a strong world-wide presence in business consulting, technology, data processing, cloud computing, analytics, collaboration, cyber security?and technical and advanced services. Hence, Cisco has an immense opportunity to make a huge impact, by taking to market services and solutions, through selected partnerships, which will allow organisations reach compliance by the May 2018 deadline.

Cisco Security Technology solutions can help the customer to raise his security level, protect its data against leakage, and detect attempts to access the data without the necessary authorisation level.


Cisco supports us with...

Address GDPR regulatory requirements, Cisco can help you:

  • Assess applicability of your organisation's data, partners and entities to GDPR compliance
  • Understand the current state of your compliance programme and the steps to create an ?effective privacy programme which meets the requirements of GDPR
  • Perform a review of your GDPR compliance programme to adjust for changes in business services, new markets, adoption of technologies, use of partners and changed regulations
  • Identify other privacy obligations anticipated by your business plans

Speaking to customers about these real-world security problems can be challenging. Cisco has come up with solutions that address these business security challenges across the attack continuum. Cisco is the only vendor who can address security risks from the network, to the endpoint, and to/from the cloud.

  • Stop threats at the edge
  • Protect users wherever they are
  • Control who gets onto your network
  • Find and contain security issues fast

The average amount of time to detect a breach in a business is between 100-200 days. At Cisco, we bring that down to 9 hours across the globe. This, coupled with our Stealthwatch technology, which helps quarantines breaches, will help businesses identify what has happened and how best to stem the damage – both now and in the future.

Develop a GDPR compliant Privacy and Data Protection programme to support the specific needs of your organisation and the mandated regulations.

  • Perform an evaluation of GDPR requirements and obligations
  • Understand specific business needs, information lifecycle, growth plans and use of technology
  • Perform a PIA to establish the personal data that is being collected, why it is being collected and how it will be used, secured, shared and stored
  • Assess existing programme against a custom set of relevant process maturity goals
  • Development of a comprehensive privacy programme roadmap to meet both the needs of the business and GDPR compliance requirements
How can Cisco help secure data?

One of the key elements of GDPR compliance is controlling access to the resources?where the personal data is stored and processed. Cisco 's access control and network segmentation capabilities help customers gain awareness of everything hitting their network, and provide access consistently and efficiently. This relieves the stress of complex access management, as security policies are updated and distributed dynamically.

Associated technologies:

  • Identity Services Engine
  • TrustSec

Open

Close

Clearswift and GDPR

Clearswift's real-time monitoring and adaptive security technology can transform your existing IT environment into a compliance machine. We can not only help get you out of the GDPR starting blocks with our data discovery solution, our unique Adaptive Data Loss Prevention (A-DLP) technology will protect your critical data as it flows across email, the web and your cloud collaboration applications to ensure you comply with the GDPR.

Whether its sensitive data hidden inside the network or shared across cloud, Clearswift will automatically detect it and secure it - without complexity or disruption to communication flow. Clearswift will give you control and visibility of your organisation's critical information with technology recognised on Gartner's Magic Quadrant for Data Loss Prevention (DLP), to protect your organisation from data loss risks and breaches.


Clearswift supports us with...

Securing PII data (or other sensitive data) automatically will be key to achieving and maintaining compliance. Doing so without impacting the ability to communicate freely will be essential to retain an organisations productivity whilst complying with the GDPR. Clearswift's A-DLP solution surgically edits out PII content automatically and in real-time, achieving the otherwise elusive balance between security and productivity.

Being able to respond to a 'Right to be Forgotten' request is a critical element to GDPR. The same Clearswift technology that helped to scope your PII data, can also deliver full reporting on a specific set of data. It can also securely relocate data to a central repository – fully audited.

How does Clearswift help me with my GDPR compliance?

Below is how Clearswift can help your organisation with our practical approach to GDPR Compliance – Discover, Secure and Govern:

  1. Provide you with visibility into how much PII data you hold, where it is located, and how it is moving in and out of your business.
  2. Help you secure data from inbound advanced threats and outbound data loss risks, so you can remain confident your critical information is safe and protected from breaches while it's being processed and shared by your team.
  3. Enable you to govern your critical data and files with unique track and trace features for violation/breach analysis to identify loss of regulatory data, sources and exposure for notifications and reporting.

What is Adaptive Data Loss Prevention (A-DLP)?

Clearswift's intelligent technology delves deep into files flowing across your digital collaboration channels to detect and identify PII content (and other sensitive data). It then modifies content so the PII (or other sensitive data) is removed, making the remainder of the file compliant and deliverable, aiding GDPR compliance, all without hindering your team's communication flow.

Open

Close

Commvault and GDPR

Commvault software is a key foundational element for GDPR compliance. We consolidate critical data protection, compliance and discovery operations in one unified solution, giving you visibility into all the personal data you store, whether on-premises or in the cloud. This makes it easy to meet your GDPR obligations — and prove your compliance to regulators.

Commvault software integrates backup, recovery and archiving in a way that creates a single searchable pool of all your structured and unstructured data, no matter where it's located. By simplifying information governance, Commvault gives you the visibility and control you need to meet your GDPR obligations.

By eliminating the need for multiple point products to manage your data, Commvault software does more than just lay a foundation for GDPR compliance — it also helps you improve operational efficiency, gain business advantage and boost employee productivity.


Commvault supports us with...

  • Identifying the presence of personal data in all data locations
  • Automating special handling of information with standard data policies
  • Supporting the export and erasure of personal data from all data sources
  • Detecting and deleting unneeded copies of personal data
  • Maintaining an auditable chain of custody on an individual's personal data
  • Understanding data leakage risk and speeding up data breach analysis

Open

Close

CyberCrowd and GDPR

Cybercrowd is a data protection and information security services provider. We provide advisory services, technology services and managed services to organisations that want to improve their information risk management regime, become more cyber resilient and meet compliance obligations.

The GDPR is more than an IT or technology issue, it impacts your organisation. Parts of the GDPR will have a bigger impact on some organisations more than others. Likewise, the maturity of data protection practices will differ between organisations. Because of this, a ‘one size fits all’ approach is not appropriate.

Our GDPR Readiness Programme covers all aspects of the steps you need to take to be prepared. We do this over 4 phases as follows:

  • Understand: Our Phase 1 services cover awareness workshops and assessments of your readiness for the regulation.
  • Define: At Phase 2, we define the scope of compliance for your organisation and design a readiness framework and implementation programme.
  • Implement: During Phase 3 we work with you to implement your compliance framework using the scope, objectives, framework and programme agreed at Phase 2.
  • Manage: With your initial compliance framework implemented, at Phase 4 we can support your ongoing data protection operations and provide managed data protection services.


CyberCrowd supports us with...

Our awareness workshops and readiness assessments help organisations understand how prepared they are and the key steps that they need to take to be ready. These services are:

  • GDPR Awareness Workshop
  • GDPR Readiness Assessment
  • Security Posture Review

The GDPR requires organisations to take and demonstrate accountability for their processing activities and for being compliant. Accountability requires implementing appropriate ‘technical and organisational’ measures. Such measures cover polices, process and governance. Our Phase, 2, 3 and 4 services support organisations in designing, implementing and maintaining the necessary accountability requirements.

Can you certify us as compliant?

No, because the GDPR isn’t a ‘pass/fail’ standard. It requires organisations to be accountable for their personal data processing and for complying with the regulation. Among other things, this will require a risk based approach to your processing activities. Our services can help you understand what is required and the steps you need to take in line with available guidance and data protection best practice.

Who from our business should be involved when we use your services?

You should ideally involve the those responsible for ‘owning’ and processing personal data in your organisation. Also, those involved in related governance functions. Board level involvement is recommended as well. Typical functions often include human resources, marketing, customer services, finance, legal, compliance/internal audit and IT. We can help you identify the relevant stakeholders before delivering services.

Can you provide us with data protection managed services?

Yes, we can help you meet your data protection responsibilities on an ongoing basis. Our data protection support service complements your in-house capabilities. We provide you with ongoing maintenance of your data protection and compliance framework. Also, remote support to help answer questions or deal with incidents and issues as they arise.  Our data protection managed service provides you with out-tasked or outsourced data protection consultancy. We can take responsibility for specific obligations or for your overall data protection programme. We are also able to provide DPO as a Service and virtual information security manager / CISO services.

Open

Close

Cylance and GDPR

Prevention is always better than cure

Fulfilling the GDPR requirement is essential. The presence of a data protection officer, sensitive data processing and comprehensive breach reporting structures will address your compliance obligations. But these do nothing to reduce the risk of a data breach.

Even in a fully-compliant GPDR world, a data breach will set off a chain reaction of escalating costs, damaged reputations and the potential loss of future business.

"Privacy by Design' begins with security

While security is just one of the seven key principles within GDPR's "Privacy by Design", it is the one that offers the biggest impact – by minimising the risk of data breaches in the first place.

By implementing a security solution from Cylance, you can prevent 99% of cyberattacks and data breaches and eliminate the high-cost regulatory chain reaction.

  • PREDICT. Using the power of artificial intelligence, algorithmic science and machine learning to predict known and unknown attack
  • PREVENT. Proactively preventing malware execution and exploits to secure the endpoint and prevent attacks on your data
  • PROTECT. Preventing data breaches to protect your business from the costs of GDPR non-compliance and to reclaim the time and resources consumed by incident response


Cylance supports us with...

With much of the GDPR debate focusing on data privacy, compliance and reporting, rebalancing strategies to reduce the number of data breaches in the first place is being overlooked. With proactive prevention, Cylance can help you stop a breach to achieve value beyond just compliance.

GDPR Benefits Beyond Compliance

Reducing an organisations exposure to breaches delivers more than compliance or short £££ savings:

Enhanced corporate reputations. A clear demonstration of going beyond GDPR to reduce clients’ exposure to risk

Accelerated competitiveness. Focusing IT and compliance budget and resource away from remediation to investment in digital service innovation

Business health and wellbeing. Using GDPR as an opportunity to analyse, improve and streamline processes, and to deploy state-of-the-art security

Open

Close

Druva and GDPR

Druva enables organisations in their journey to achieving GDPR compliance through the Public Cloud. Druva delivers secure backup and proactive compliance capabilities as a service across endpoints, servers and cloud applications (Office 365, Google Docs and Box).  As GDPR requires organisations to have complete control of EU citizen information no matter where it lives, Druva maximises insight across all sources of critical data with deep analytics, search, and erasure capabilities.  Druva removes the data silos that encumber businesses by delivering a unified view over data--  from the datacentre to the mobile edge to cloud applications.  Using the public cloud, Druva allows organisations to comply with GDPR, as well as other compliance regulations, whilst modernising their data protection strategy on demand and at the scale required to securely assess, manage, and process information in the Zettabyte Era.


Druva supports us with...

Druva Cloud Data Protection implements security and data privacy as core design principles by default.  All data-in-flight and data-at-rest is encrypted using state of the art TLS 1.2 and AES-256.  With zero vendor or third party access, organisations can be assured that their information is secure and only accessible by them.

Druva Cloud Data Protection provides a complete information governance framework that manages data from cradle to grave.  With robust search and legal hold capabilities, Druva Cloud Data Protection can manage and preserve information across all enterprise data sources.

What security capabilities are available in Druva Cloud Data Protection to enable GDPR compliance?

In addition to encryption of data-in-flight and data-at-rest using TLS 1.2 and AES-256 respectively, Druva Cloud Data Protection provides Role-based Access Control, integration with SAML or LDAP based directory services, Data Loss Prevention, and Multi-Factor Authentication.  In order to meet GDPR requirements for “Security of Processing”, Druva provides a full audit trail of non-privileged (end users) and privileged (administrators) users activities, so you can validate all actions taken against data.

The “Right to Erasure” is a major change to GDPR over the DPD. How can Druva help enable compliance with this key Article in GDPR?

With Druva’s advanced search capabilities, organisations can find out where data lives across endpoints, servers, virtual machines, databases, and cloud applications.  In some cases, this search capability may find copies of the same data across multiple sources.  Using Druva’s Defensible Delete function, information can be authoritatively removed from multiple data sources with a complete audit trail of the deletion for manageability and traceability purposes.

In addition to the “Right to Erasure” what other Articles of GDPR does Druva Cloud Data Protection support?

Druva Cloud Data Protection supports several key GDPR Articles including Data Portability (Article 20), Data Protection by Design and Default (Article 25), Records of Processing (Article 30), Security of Processing (Article 32), and 3rd Party Data Transfers (Article 44-50).

Open

Close

Egress and GDPR

Data is often most vulnerable at the point it is shared. This could be the result of an email being sent to the wrong recipient, or data being shared via a third-party collaboration website. GDPR will require organisations to be able to demonstrate they have put in place the necessary technology and training to protect shared information. This should include policies that can automatically apply encryption, so that regardless of a breach, the underlying data remains secured.

Switch Threat Protection prevents emails from being send to the wrong recipient, using machine learning and big data analytics.

Switch Secure Email and File Transfer enables end users and their third-party recipients to easily and securely exchange sensitive data. Uniquely, business retains control of how data is accessed, even after sharing.

Switch Secure Workspace is a secure online environment for sharing files and collaborating with multiple users in real-time.

Switch Email and Document Classifier enables end-users to mark the sensitivity of files and ensure they are handled securely.

Switch Secure Vault indexes, archives and enables search through both encrypted and clear text email content, proving governance professionals the ability to rapidly conduct search and e-discovery to demonstrate compliance.


Egress supports us with...

Egress is the leading provider of data security services designed to protect shared information throughout its lifecycle. Offering Public Sector and Enterprise customers a portfolio of complementary services, the Egress Switch platform enables end-users to share and collaborate securely, reducing the risk of loss and maintaining compliance.

Egress gives businesses the auditing and reporting features they require to implement secure messaging solutions while maintaining GDPR compliance. We help organisations ascertain whether they could respond to a breach within 72 hours, and to manage other demands, such as Freedom of Information requests or Subject Access Requests.

How can Egress help you understand what sensitive data you are handling?

Your users will be able to immediately see the sensitivity of any given file and mark the sensitivity of files for the benefit of other users. Meanwhile, the organisation can use our e-discovery tools to rapidly gain an understanding of how sensitive data has been shared and accessed across the organisation and beyond, searching through plain text and encrypted content at remarkable speed.

How can Egress help you secure the sensitive data you need to share?

Egress Switch makes it easy to encrypt data at the point of sharing, and incorporates sophisticated features that help you stay in control of how data is accessed, even after sending. Encryption is at the core of our platform, working alongside features that ensure only the correct recipient accesses sensitive information.

How can Egress help you demonstrate your compliance with EU GDPR?

Being able to show the regulator what your organisation has done to secure data or limit the impact of a breach is a vital aspect of GDPR compliance. Auditing and reporting tools feature across the Egress Switch platform and give end users and governance professionals the ability to understand in significant detail how data has been accessed at every stage.

Open

Close

F5 and GDPR

Data encryption is a key component in maintaining secure systems and complying with GDPR. The regulation, however, calls out other areas of information governance to which you must adhere in order to be compliant. The fundamental threats to information security are data leakage, violation of integrity, denial of service and authorised use of information and these are addressed in Article 32 of the regulation. It specifically calls out confidentiality, integrity, availability and resilience as components you must provide in order to deliver data protection.

F5 Networks provides solutions for all aspects of a comprehensive data security strategy, including strong encryption, web application protection from cyber hacks, mitigation of denial of service attacks and high availability and resilience from site or cloud outages.


F5 supports us with...

To be secure, your applications must have strong access control, provide strong encryption and be always available. F5 provides platforms and hosted cloud services to ensure that your apps are encrypted, tightly controlled and protected from outages, cyber threats and denial of service attacks.

Open

Close

Forcepoint and GDPR

Forcepoint's portfolio of products safeguards users, data and networks against the most determined adversaries, from accidental or malicious insider threats to advanced outside attacks, across the entire threat lifecycle. Specific to GDPR, Forcepoint provides organisations with deep visibility into how critical data is being processed across their infrastructure; on-premises, in the Cloud or within their increasingly remote workforce.

There are 3 core areas where Forcepoint's solutions can help organisations meet the requirements of the GDPR:

  • Inventorying personal data, whether as part of the initial scoping of a compliance program or to support the operational duties of controllers, processors or responders, including dealing with subject access requests or data incidents.
  • Mapping personal data flows across the organisation that expose broken business processes and unsanctioned IT or highlight supply chain activity that puts critical data at risk. This clear visibility allows organisations to implement management and control of personal data flows using mechanisms such as authorization, policy-based encryption, notification and blocking to mitigate risk.
  • Leveraging behavioural analytics and risk modelling to rapidly detect high-risk employee activity (malicious or compromised) and broken business processes that put critical data at risk, as well as enabling a quick and decisive response, which often lets organisations get ahead of the breach itself.


Forcepoint supports us with...

Forcepoint's data protection and insider threat technologies help to protect business-critical and sensitive data against malicious insiders, compromised users and accidental data loss.

How can Forcepoint help me when I have to respond to a data loss incident?

Many organisations are overwhelmed by the alerts from DLP products and often miss critical events – Forcepoint DLP offer Incident Risk Ranking (IRR) which streamlines response times and reduces the operational burden. Forcepoint Insider Threat extends this behavioural analytics from data to users to identify high risk users putting the organisation at risk.

How can Forcepoint help to manage, monitor and enforce my Data Protection policies and processes?

Forcepoint DLP and Insider Threat solutions can help to provide a technical solution by supporting the inventorying of personal data; mapping, managing and controlling personal data flows; and assisting in responding to a data incident.

How can I identify where personal data (PII) wherever it resides--at rest, in use and in motion--in my organisation?

Using Forcepoint solutions you can identify personal data in structured and unstructured data formats and across your entire infrastructure, e.g. Endpoint, Cloud, On-premise and file servers, email services, web communications (including SSL), and other communication channels. Also, Forcepoint DLP is able to identify data theft, where data theft attempts are deliberately obscured.

Open

Close

HP Inc and GDPR

The World’s most secure printers.

Protect, detect and recover with the latest generation of HP Enterprise printing devices that are unique in the marketplace. They offer three key technologies together designed to thwart attackers efforts and self-heal. These features automatically trigger a reboot in the event of an attack or anomaly.

HP Sure Start– validates the integrity of the BIOS at every boot cycle, if a compromised version is discovered, the device restarts using a safe @golden copy@ of the BIOS.

Whitelisting – helps ensure that only authentic, known-good HP code that has not been tampered with is loaded into the memory. If an anomaly is detected, the device reboots to secure, offline state. It then sends a notice to IT to reload the firmware.

Run-time intrusion detection– helps protect devices while they are operational and connected to the network. This feature checks for anomalies during complex firmware and memory operations. In the event of an intrusion, the device automatically reboots.

HP can help you to define the right policies to put in place to improve the security of your printing environment and with the World’s most secure printers can ensure that you are selecting best in class technology to protect your data in readiness for GDPR compliance.


HP Inc supports us with...

Protect the Device and your network with printers that can detect and prevent attacks in real time.

Protect the Data with HP software solutions that help ensure only authenticated users and devices access your print network and keep your data encrypted.

Protect the Document with security solutions to reduce unclaimed print jobs and deter tampering or fraud.

Manage printing securely with HP JetAdvantage Security Manager and HP Secure MPS

Does buying these HP printers make my company GDPR compliant?

No, the first measure is to define the right policies for a secure printing environment and then place the right products to enforce the policy. HP and its approved partners can advise on printing policy and can provide the World's most secure printers that will help to make you compliant.

How can I ensure my entire print fleet is protected – do I need to go device by device to deploy improved security settings?

HP JetAdvantage Security Manager will help ensure that the security policies that you set are pushed out remotely and set across the entire fleet.

How do I assess my printing data risk?

HP and its approved partners can provide solutions and services as well as the consultation to help you identify your printing landscape and can advise on the data risks associated with your print environment.

Open

Close

Informatica and GDPR

Informatica's Solution for GDPR is the Industry's First Intelligent, Integrated Solution Designed to Engage Business, IT and Security on their Journey to GDPR

  • Supports GDPR compliance efforts through integrated and intelligent governance solutions
  • Powers holistic enterprise data governance and compliance
  • Leverages CLAIRE Engine - Intelligent Data Platform

Companies need to discover, assess and govern their in-scope data. Informatica helps organisations with:

Benefits of Informatica include:

  • Addressing the full spectrum of data governance requirements with an integrated, intelligent, highly automated solution.
  • Drive collaboration between business and technical staff to meet governance goals.
  • Govern data for any use case, user and deployment type, including cloud, on-premises, hybrid and big data environments.
  • Quickly spot, monitor and protect sensitive data across all data types.
  • Visibility to sensitive data risks and detection of anomalous activities using machine learning and quickly act on them.
  • Introduce automation into data masking to reduce risk of personal data exposure and help ensure that personal data is not proliferated without suitable protection.
  • Reduce risk with a single view of data subjects and manage consent.


Informatica supports us with...

Informatica Secure@Source discovers, assesses, analyses, and visually maps in-scope sensitive data wherever it resides, detects and scores potential risk, and orchestrates remediation across sensitive structured and unstructured data stores across the enterprise.

Informatica Axon defines and governs in-scope data by engaging all constituencies, technical and business, to effectively govern an organization's data.

Informatica Enterprise Information Catalog provides a machine learning-based engine that automatically scans and catalogues data assets across the enterprise, and indexes them for enterprise-wide discovery.

Do you know what data you hold, who has access to it and for what purposes?

Requirement: Data Governance
Lead Solution: Informatica Axon

  • Policy definitions
  • Role assignments
  • Approval workflows for tasks and definitions

Do you know where all your in-scope data is?

Requirement: Sensitive Data Discovery & Risk

Lead Solution: Informatica Secure@Source

  • Discover & classify sensitive data
  • Data map and data proliferation
  • Heat maps to detect high-risk areas to setup a protection plan
  • User access and activity
  • Risk monitoring & management

Open

Close

Ipswitch and GDPR

MOVEit is a Secure Managed File Transfer solution that ensures that all external data sharing processes are secure and in compliance with data protection regulations like the GDPR. Features include:

Enhanced Security and Compliance
Advanced security features include FIPS 140-2 validated AES-256 cryptography, user authorisation/authentication, delivery confirmation, non-repudiation and hardened platform configurations. MOVEit logs activities in a tamper-evident database to comply with ISO 27001 ( the guiding standard for many data privacy laws). MOVEit also integrates with identity systems through SAML 2.0, AD, LDAP services, and SIEMs.


Flexible Deployment and Access Options
A broad range of client options support mobile, web and Outlook access. MOVEit flexible architecture supports scalability, high-availability DMZ proxy implementations. Domain-based or username-based multi-tenancy configurations are also supported. User access can be securely controlled via Multi-Factor Authentication (MFA) and user-class-based password expiration policies.


Minimise the Risk of Data Loss
MOVEit's automated workflows minimise the risks of data loss and/or non-compliant manual transfers. MOVEit provides guaranteed delivery, PGP encryption of data at rest and granular access controls. Integration with popular anti-virus software and DLP software ensures that no one accidentally (or purposely) sends confidential documents or data outside of your secure perimeter.


Ipswitch supports us with...

MOVEit enables full security of data during all aspects of transfer processing workflows. Data is encrypted in transit and at rest. Workflow and task creation requires authentication and changes generate alerts. Additional security features include non-repudiation, guaranteed delivery and full integration with your existing security infrastructure.

MOVEit enables full management visibility and control over all external data transfer activities. Activity can be monitored and alerts can be set for failures and changes to workflow tasks. Out-of-the-box reports and a full audit trail help IT management assure compliance with data protection regulations and internal SLAs. 

Open

Close

Ivanti and GDPR

Ivanti offers a range of security solutions to help you meet your multi-layered protection needs. Looking to unify your security and systems management? Add third-party patching? Adopt simpler but also granular access control? Or provide robust security management?

Ivanti solutions help organisations automate and secure the digital workspace of today. Our solutions in both Service management and Endpoint security help organisations protect PII data and respond and comply to GDPR. The Ivanti Patch Management offerings will help your organisation ensure timely and automated patching of operating systems, applications (including all non-Microsoft applications).

The Ivanti Service Desk offerings help organisations put in place additional incident response and remediation capabilities allowing IT to respond to respond to requests for PII data from stakeholders within the upcoming GDPR legislation.

By combining endpoint security with Service management, Ivanti customers are able to automate and comply with GDPR without effecting existing user and customer experience.


Ivanti supports us with...

The applications your people use to view documents, images, and email, and access customer data are all vulnerable to multiple exploits. Ivanti makes sure your security policy includes timely patching of applications (including non-Microsoft) and operating systems, with the ability to raise, lower or even eliminate privileges dynamically on a user, application, or task basis – keeping both users & organisation safe and productive.

Ivanti helps streamline the implementation and enforcement of most processes and policies. You determine your processes or policies, then utilise Ivanti to automate manual processes by building them into a workflow, ensuring the policy is enforces and leaving you with an automated and audit-ready compliance plan.

How long do you spend patching your OS’s and Apps?

The applications your people use to view documents, images, and email, and access customer data are all vulnerable to multiple exploits. Ivanti makes sure your security policy includes timely patching of applications (including non-Microsoft) and operating systems, with the ability to raise, lower or even eliminate privileges dynamically on a user, application, or task basis – keeping both users & organisation safe and productive.

How can you manage and secure what you don’t know about?

For one manufacturer, knowing the details about what's on its network and automatically removing unused software helped it save $958,000 in licensing fees. For another customer, accurate visibility was crucial for security purposes. When a department VP asked how much it would cost to upgrade all PCs to the latest OS, IT had the answers.

With inventory management capabilities and network discovery tools from Ivanti, you can discover all devices on your network. Track devices in any location across the Internet and all applications on each device. And make sure you can survive that looming software audit.

How are you going to effectively manage PII requests?

Organisations who have a breach relating to PII data have 72 hours to report an incident to a supervisory authority. Responding to an incident is key and challenging as it involves users, infosec, IT ops and the newly created data protection officer. Pulling together processes and data in a timely fashion will also include remediation and detailed analysis of what took place. Service Management solutions will no doubt be at the heart of managing such incidents and response.

In addition to providing endpoint security solutions to protect PII data, Ivanti is uniquely positioned as one of the leading ITSM vendors to help automate and implement the necessary processes and workflow to ensure organisations can respond to PII data requests, deal with incidents and comply with GDPR.

Open

Close

McAfee and GDPR

GDPR is a transformational opportunity for all organisations. It's designed to protect EU citizens data in an ever-connected world, for organisations this is perhaps an opportunity to look at how they are providing secure services to consumers and employees and how they may evolve these services in an ever more complex and resource-constrained environment.
It is a new regulation that affects the full data lifecycle from collection, processing, storage, usage and destruction. It requires organisations to implement appropriate measures to protect personal data (IP address) but is not prescriptive in the controls
From a security team's point of view, GDPR is an opportunity. Meeting the GDPR requirements means putting in place processes and technologies that are appropriate for the challenges we now face and also ensure we can provide transformation services to citizens, employees and customers. These 'challenges' include Device Proliferation, adoption of cloud services, DevOps and dealing with the ongoing skills shortage in Cyber and Data Protection.

McAfee technology can help alleviate these challenges and addresses a large number of the risk factors impacting data protection:

  • Poor Data Governance (knowing where your data is)
  • External Attackers
  • Internal Risks such as accidental or malicious insider activity.


McAfee supports us with...

Our solutions protect against malware infection, accidental loss and malicious theft, cloud-related risks and application/database exploitation. Speak to us about Endpoint Protection and Encryption, Data Loss Prevention, Web Gateway, and Application Control.

 

Open

Close

Microsoft and GDPR

GDPR is the most significant change to European Union (EU) privacy law in two decades. The GDPR requires that organizations respect and protect personal data – no matter where it is sent, processed or stored. Complying with the GDPR will not be easy. To simplify your path to compliance, Microsoft is committing to be GDPR compliant across our cloud services when enforcement begins on May 25, 2018

GDPR policies require privacy-by-design and by-default, and brings with it inherent operational complexity. Microsoft Cloud services and Softcat's services can enable customers to meet privacy-by-design requirements in addition customers can use Microsoft Cloud services to build evidence of risk mitigation strategies and controls.

Why should customers utilize Microsoft Solutions for GDPR:

  • Microsoft is the first major cloud services provider to pledge GDPR compliance
  • Microsoft has been an industry leader on Model Clauses, HIPAA, ISO 27018, and is taking a similar lead on GDPR compliance.
  • Microsoft offers the most comprehensive set of compliance capabilities of any major cloud service provider and has the best baseline to build from.
  • Microsoft provides a single stack solution — all pieces work together.
  • Microsoft's speed of solution innovation is high and will continue as it enables customers to meet their compliance needs.


Microsoft supports us with...

Open

Close

Mimecast and GDPR

Mimecast's integrated cloud suite eases the General Data Protection Regulation (GDPR) compliance and improves email cyber resilience in the cloud.

Mimecast Targeted Threat Protection protects the organisation against spam, viruses, malware, emerging threats and other challenges to ease compliance with GDPR regulations. Mimecast Content Control and DLP enforce security controls in real-time to prevent intentional or accidental leakage of personal or sensitive data and help mitigate GDPR risks. Mimecast Secure Messaging safeguards employee communication with encrypted email communications.

Mimecast Cloud Archiving offers comprehensive search, e-discovery and compliance support for GDPR Subject access, rectification, portability requests and consent withdrawal. Personal information from email archives, network shares and folders is retrieved in seconds, allowing compliance professionals to filter, tag and annotate search results for further review if needed.

A single, intuitive console makes it easy for IT administrators to configure all Mimecast services, with all access logged to help audit compliance with GDPR policy.


Mimecast supports us with...

Mimecast Targeted Threat Protection defends organisations from spear-phishing, ransomware, impersonation and helps mitigate GDPR fines.

Mimecast Content Control and DLP protects against the leakage of intellectual property and other sensitive data to ease compliance with GDPR regulations.

Mimecast Secure Messaging secures sensitive communications and files as easily as sending email.

Mimecast Cloud Archiving offers comprehensive search, e-discovery and compliance support for GDPR Subject access, rectification, portability requests and consent withdrawal. Personal information from email archives, network shares and folders is retrieved in seconds, allowing compliance professionals to filter, tag and annotate search results for further review if needed.

Open

Close

Snow and GDPR

Softcat's partnership with Snow Software is so intrinsic that we have integrated their SAM technologies into our own services, and it is the very first name we recommend when it comes to asset management. That's why we're so confident in their GDPR Risk Assessment solution.

Snow GDPR Risk Assessment provides complete visibility of all devices, users and applications across on-premises, cloud and mobile, augmented with GDPR-specific risk assessment to build an effective GDPR plan and response. Automated discovery provides a detailed accounting of which users have access to which applications and cloud services and how they are used.
Out-of-the-box reports assist with common GDPR use cases while powerful datasets enable you to export and manipulate data for any purpose.


Snow supports us with...

Knowing who has access to key software applications and data and who uses key applications will enable the tracing of users in the event of a security breach. A large proportion of security breaches are internal, either deliberate or through negligence. Deploying Snow's GDPR solution will help identify who is responsible for a data breach and in some cases, enable preventative measures.

HOW CAN I PROVE WHERE MY DATA RESIDES IF I DON’T HAVE A COMPLETE VIEW OF THE HARDWARE AND APPLICATIONS IN USE ACROSS MY NETWORK?

Snow GDPR Risk Assessment provides a full and accurate view of applications and hardware across the estate. Use this powerful data source to prove completeness.

IF A USER HAS ACCESS TO PERSONAL DATA THROUGH APPLICATIONS ON THEIR DEVICE, WHAT OTHER APPLICATIONS IN USE MIGHT POSE A GDPR COMPLIANCE RISK?

Snow GDPR Risk Assessment identifies all applications by user, categorising and highlighting those that potentially represent a risk. Use this information to make clear, recorded decisions as part of a GDPR assessment.

IF MY ORGANIZATION LOST A DEVICE WHICH CONTAINED PERSONAL DATA, COULD I PROVE WHICH APPLICATIONS WERE INSTALLED TO PROTECT THAT DATA FROM BEING ACCESSED?

If you can show that the personal data was subject to technological protection measures (e.g. encryption), rendering it unintelligible to unauthorized people you don't need to notify affected data subjects of the breach. The ability to remotely wipe devices also drastically reduces the potential impact of a breach. Snow GDPR Risk Assessment provides the required audit trail proof.

Open

Close

Sophos and GDPR

The GDPR deadline is quickly approaching and the level of data protection and data security measures any company choose to implement will vary from business to business and in most cases will be dependent on the amount of risk that the company is prepared to face vs cost and effort.

Sophos recommends that all organisations should prepare for the GDPR by preventing the top reasons for data loss to as part of their data security strategy: stop hacking and malware, protect against ransomware, and have solutions in place that protect data on lost or stolen devices. A great place to start GDPR preparations is with easy-to-deploy solutions managed by the unified, easy-to-use, and cloud-based Sophos Central admin interface, for example, Sophos Intercept X, Sophos Endpoint Protection, Sophos Central Device Encryption and Sophos Mobile.

For additional risk mitigation, companies can increase their data security levels by stopping the threats at the network with Sophos XG Firewall, or protect themselves against the more difficult reasons for data loss, for example, human error and unintentional data leakage, with Sophos SafeGuard Encryption.


Sophos supports us with...

Keeps your endpoints secure from the latest malware and ransomware with Intercept X. 

Take this 60-second compliance test and identify the areas of non-compliance within your business. 

Open

Close

Thales and GDPR

Thales e-security protects data wherever it may be, whether it's in motion, in use, or at rest. We provide data security solutions that help companies protect their information, whether internal, in the cloud, through a managed service, and even data moving out of the environment.

Specific Requirements

Some of the key provisions of the GDPR require organizations to:

  • Implement technical and organizational measures to ensure data security appropriate to the level of risk, including "pseudonymisation and encryption of personal data." (Article 32)
  • Have in place "a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing." (Article 32)
  • Safeguard against the "unauthorized disclosure of, or access to, personal data." (Article 32)
  • Communicate "without undue delay" personal data breaches to the subjects of such breaches "when the breach is likely to result in a high risk to the rights and freedoms" of these individuals. (Article 34)

Thales e-Security is a leading global provider of data encryption solutions with a 40-year track record of protecting corporate and government information, Thales solutions are used by 4 of the 5 largest energy and aerospace companies, 22 NATO countries, and securing more than 80 percent of worldwide payment transactions.

 


Thales supports us with...

  • Secure By Encrypting Both Structured and Unstructured Data
  • Vormetric file-based transparent encryption product provides the kind of "state of the art" data protection GDPR specifies. Using Vormetric encryption, your organization can render private data unintelligible to a cyber-intruder even in the event of a breach, thereby avoiding the breach notification requirement outlined in Article 34.
Why is the Vormetric product line from Thales a must for GDPR compliance?

Vormetric file-based transparent encryption provides the kind of "state of the art" data protection the GDPR specifies. Using Vormetric's encryption, your organization can render private data unintelligible to a cyber-intruder even in the event of a breach, thereby avoiding the breach notification requirement outlined in Article 34.

Learn more here.

What will help prevent unauthorised access to data?

Thales e-Security products and solutions help our customers prevent unauthorized access to personal data, thus enabling compliance with Article 32. Specifically, our Vormetric Data Security Platform enables separation of duties between privileged administrators and data owners, and supports two-factor authentication. Our nShield HSMs also help customers set up high-assurance authentication of users and processes attempting to access personal data.

Learn more here.

What will help test, assess and evaluate security effectiveness?

Vormetric’s Security Intelligence produces detailed security event logs that are easy to integrate with Security Information  and Event Management (SIEM) systems to produce the kind of security reports necessary for GDPR compliance. These enterprise network security information logs produce an auditable trail of permitted and denied access attempts from users and processes, delivering unprecedented insight into file access activities.

Learn more here

Open

Close

Trend Micro and GDPR

As a leading security company, Trend Micro welcomes the European Unions harmonised approach to data protection giving a single regulation that covers all EU member states. The new levels of fine and forced disclosure now make the management of EU citizens personal data within a company a board level issue rather than just the IT team, so it should get the focus it has needed in the past.

Much of the regulation covers the need to understand what personal data a company holds, how it is held, how it should be managed, etc. 

Technical controls come into play helping discover what data is held, how to stop your internal users causing a breach and also how to stop external 3rd parties using malware or vulnerabilities to steal or destroy the EU citizen personal data you hold. This is where technologies like encryption and data loss prevention are important. State of the art technologies to deal with external threats covering layered endpoint security, web and email security, plus technologies to deal with identifying and stopping breaches. The more integrated and automated the security controls are the easier it is to get the value you need as well as reducing the risk of a breach.


Trend Micro supports us with...

Trend Micro help secure personal data in two main ways. Firstly, reducing the chance of internal users causing a breach using encryption (Email, Full Disc, File and folder) and data loss prevention technologies across endpoints, web, email, Sharepoint and IM. Secondly using state of the art layered endpoint, web, email, network and breach detection technologies brought together under a single pane of glass for centralised visibility and investigation to protect from external threats that could result in a breach.

How can Trend Micro help secure data?

Trend Micro helps secure personal data using various data and Threat Protection Technologies. Firstly, by helping business reduce the risk of internal users causing a breach of personal data. The use of Encryption (Email, Full Disc, File, Folder, removable media) and data loss prevention across the endpoints, web, email, network and Sharepoint both on premise and in the cloud greatly reduce the chances of a breach. Secondly Trend Micro has a whole suite of state of the art technologies to deal with external threats covering layered endpoint security, web and email security, plus technologies to deal with identifying and stopping breaches. This includes zero-day detection and automated threat sharing between all components using Trend Micro Connected Threat Defence Platform. These integrated and automated security controls make it easier to get the value you need as well as reducing the chance of a breach. 

Open

Close

Varonis and GDPR

Varonis helps organisations of all sizes with GDPR projects: including data classification and discovery, data protection impact assessments, managing access control, remediating and enforcing a least privilege model, data retention procedures, and detecting and alerting on breach notifications and policy violations.

We capture more metadata about enterprise data and file systems than any other solution: so that you can identify compromised accounts, privilege escalations, GPO changes, and malware attacks like ransomware - and stop them before they lead to a data breach.

Varonis helps meet data classification and documentation requirements, and builds a framework for GDPR compliance:

  • Discover, identify, and classify GDPR personal data (NAS, SharePoint, Cloud, etc.)
  • Monitor and audit data access and permission changes, maintaining records of data processing activities in the file system
  • Delete global accesses and overexposed data so that personal data is protected
  • Apply the principles of Privacy by Design
    • Implement data retention policies to remove or minimise personal data that is no longer used
  • Support GDPR's consumer-oriented data rights
    • Right to erasure, right of correction
  • Automatically alert and capture information on suspicious activity and potential security incidents for breach reporting
  • Establish incident response and forensics procedures

We capture more metadata about enterprise data and file systems than any other solution: so that you can identify compromised accounts, privilege escalations, GPO changes, and malware attacks like ransomware - and stop them before they lead to a data breach.


Varonis supports us with...

Varonis discovers, identifies, and classifies GDPR-applicable personal data and sensitive data across platforms. Varonis helps automate and restrict access to sensitive data, and alerts on suspicious activity: detecting insider threats, ransomware and cyberattacks. Reduce risk, limits the scope of damage, and automate policy and process to maintain compliance with Varonis.

Varonis helps manage and track access and activity on sensitive and personal data, automates access controls to establish and maintain a least privilege model, and provides reporting and auditing to ensure accountability. Discover, classify, and manage GDPR affected data with Varonis.

Get in touch

Get in touch if you would like to learn more about GDPR, and how your organisation can benefit from business level advice or technical solutions. The personal information provided will be used to contact you about Softcat’s GDPR services.

By submitting this form, you consent to be contacted about products and services from members of Softcat. Softcat is committed to safeguarding your privacy. If you want more information on how we collect and use your personal data, please read our privacy policy page.