Data security measures for GDPR Article 32 compliance.
Gatekeeper is an advanced proximity-based identification and authentication solution utilizing hardware and software tokens. A user must be physically present to access a workstation - greatly limiting the attack vector. Robust auditing with military-grade encryption.
"Most screens auto-lock...but that's easily long enough for somebody to glance through your emails or copy your data somewhere else which with the introduction of GDPR in May could prove a legislative nightmare and risk for your company.
It's a simple idea, extremely effective and greatly improves workstation security in your business and employees love it as most importantly it is easy to use. GateKeeper allows for very complex passwords to be set on servers as no one needs to remember them."
Custard Technical Services
GateKeeper Enterprise GDPR Compliance Summary
Resilience in access control. GateKeeper fits the needs of organizations seeking to meet GDPR compliance requirements in Article 32. GateKeeper easily connects to syslog servers and integrates with enterprise security architecture.
GDPR Technical Requirements
Article 32 Compliance Description: Data security measures should, at a minimum, allow:
- Pseudonymizing or encrypting personal data.
- Maintaining ongoing confidentiality, integrity, availability, access, and resilience of processing systems and services.
- Restoring the availability of and access to personal data, in the event of a physical or technical security breach.
- Testing and evaluating the effectiveness of technical and organization measures.
|Requirement||Description||Article Number||GateKeeper Response|
|Change Management||Monitors, logs, and reports changes. Shows compliance auditors that changes to the actions can be traced.||32||GateKeeper is a proximity-based secure identification and authentication solution using a physical token. A user must be physically present to access a workstation. Audit logs of physical access using GateKeeper are stored indefinitely on the GateKeeper Enterprise server. Additionally, GateKeeper Enterprise provides robust auditing capabilities that identifies when an individual user was in proximity to a workstation and successfully locked/unlocked it. These audit logs are retained indefinitely. GateKeeper can connect to a syslog server and integrate with an enterprise security architecture. Authorized admins have the ability to export audit logs to further enable audit review, analysis, and reporting processes.
|Data Masking||Anonymizes data via encryption/hashing, generalization, perturbation, etc. Pseudonymizes data by replacing sensitive data with realistic fictional data that maintains operational and statistical accuracy.||32||GateKeeper uses military-grade AES-256 encryption to store and transmit passwords, PIN logins are obscured, and all authentication information is obscured.|
|User Rights Management||Identifies excessive, inappropriate, and unused privileges.||32||GateKeeper Enterprise provides proximity-based authentication and authorization to workstations. Using GateKeeper Enterprise, an organization can granularly assign access permissions to individuals/groups on a per workstation basis. This helps enforce the concept of least privilege on a system level.|
|User Tracking||Maps end user to the system or data accessed.||32||GateKeeper Enterprise provides robust auditing capabilities that identify when an individual user was in proximity to a workstation and successfully locked/unlocked it. These audit logs are retained indefinitely.|
See GateKeeper Enterprise in action
Take a self-guided tour of GateKeeper Enterprise, the proximity-based centralized access control for secure identity and access management.
GateKeeper Enterprise 45-Day Trial
All your passwords in one place and only accessible by you. GateKeeper offers special pricing so you or your organization can try Enterprise before implementing on your entire network. Experience instant multi-factor authentication and worry-free workflow with GateKeeper's password management and enterprise access control system.