In case you missed it, the California Consumer Privacy Act (CCPA) went into effect at the beginning of 2020 and enforcement started on July 1. Modeled after the EU GDPR, the CCPA is designed to enhance privacy rights, improve data security and provide consumer protection for California residents. Any company doing business in California must secure and control access to customer data and show audit trails for proof of compliance.
To meet CCPA guidelines, many companies will need to implement a privileged access management strategy. In fact, regulatory and compliance requirements remain one of the key drivers for privileged access management software. (The other factors are failed audits and a need to minimize security breaches and insider threats.)
Similar to GDPR and other compliance regulations, CCPA requires that companies secure and limit access to personally identifiable information (PII). Think of it as controlling who has access to PII, what access levels they have (can they view, edit/change, export, etc.), and when they can access the data. To do this, companies need to identify all privileged accounts that have access to sensitive data and document what security controls are in place to protect PII.
Companies using manual processes, spreadsheets or basic password enforcement are at risk of failing CCPA and other compliance regulations. These practices are no longer enough to protect consumer data. Companies need dedicated tools and software that help identify, lock down, limit, manage, and track privileged accounts that access PII.
As you look to comply with CCPA or even New York’s Shield Act (which is similar to CCPA and went into effect in March 2020), here are 6 ways PAM software can help:
- Discovery – Do you know how many privileged users and accounts are accessing your sensitive customer data? PAM software automates the discovery of privileged accounts. This makes it easy for IT administrators and compliance officers to locate and report on privileged credentials and endpoints (and their configurations). Scans can be automatically scheduled to run at specific intervals to identify new privileged accounts and place them under management.
- Reporting and Auditing – PAM software is designed to provide detailed auditing and reporting capabilities. PAM tools, like Xton Access Manager, offer auditing for all access and usage events. This includes recording sessions, keystrokes and more. CSOs and compliance officers can see exactly what, when and by whom records or secrets were created, accessed, modified or deleted.
- Password Vaults – Maintaining strong passwords has always been a critical part of protecting data and security best practices. PAM software includes a password vault for the secure storing of passwords and credentials. Strong password requirements, automated password rotation and “no password access” are built into the vaults. System admins and other privileged users must go through the PAM software and be authenticated to access their credentials.
- Access Management – When it comes to securing PII, companies need to limit who has access to the data. PAM software allows enterprises to create role-based access controls that allow IT and compliance officers to control privileges based on a user’s role. Companies can restrict access rights for users, accounts, and computers/applications to only those resources / permissions required to perform their job effectively. This allows companies to implement the principle of least privilege and prevent “over-privileged access” by users, applications, or services. By limiting access to a user’s role, a company reduces its risk of a data breach.
- Automation and Alerts – Several PAM tasks can be automated with email alerts sent to administrators. This makes it easier to comply with regulations and reduces the burden on IT / compliance teams, while also simplifying overall PAM management. Administrators can automate the discovery process and set up alerts/notifications when users are sharing, using or modifying PII.
- Improved Cybersecurity – Implementing PAM software not only helps with data security and compliance, but it also improves a company’s overall cybersecurity strategy. For two years running, Gartner has listed PAM as one of the top security projects for companies. Gartner sees PAM as having a high degree of business impact and the ability to reduce a high amount of risk. With cyber threats on the rise, PAM software helps by securing your privileged credentials and controlling access to sensitive information.
The XTON Advantage
Now that CCPA is in effect, I anticipate that other states or even a national data privacy law will emerge over the next few years. Companies can enhance their security infrastructure with PAM software while complying with current data privacy laws. At Xton, we make it easy to comply. Xton Access Manager (XTAM) offers out-of-the-box solutions for several regulatory controls across multiple guidelines – GDPR, NIST 800-171, ISO 2700, HIPAA, Sarbanes-Oxley, and many more.
XTAM includes enterprise PAM functionality in one affordable, agentless, cloud-ready platform. Leveraging a modern architecture, XTAM eliminates the unnecessary complexities associated with traditional PAM solutions. Download a free trial of XTAM today.