The European Union’s General Data Protection Regulation (GDPR) will come into force on 25th May 2018, imposing new rules for data privacy and protection. To comply, IT companies and organizations must meet the GDPR requirements.
According to the European Commission, “personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information or a computer’s IP address.”
GDPR requires businesses and IT companies to protect personal data and to spell out how they manage and share it. Non-compliance with GDPR would cost IT companies huge financial penalties, about 4% of an organization’s annual earnings.
Let’s look at the important security features in Windows Server 2016 that can help with GDPR compliance and protect organizations from a data breach.
Just Enough Administration and Just in Time Administration
Even when credentials are protected and isolated as much as possible, administrator credentials can still be stolen through attacks, social engineering, brute-force cracking and disgruntled employees. Therefore, there should be a way to limit the reach of administrator-level privileges in case they are compromised.
Windows Server 2016 introduces Just Enough Administration and Just-in-Time Administration options that allow organizations to grant administrative credentials only for a limited time and with limited permissions.
Just Enough Administration in Windows Server 2016 allows you to give limited privileges and access to only those tools that are needed to perform specific administrative tasks.
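The following is an added example, not code from the original article or from Microsoft, of what "only those tools that are needed" looks like in practice: a JEA endpoint whose users can query services and restart exactly one of them, and nothing else. The module name ContosoJEA, the role name ServiceOperator, the group CONTOSO\ServiceOperators, the endpoint name ServiceOperators and the host srv01 are assumptions chosen for the example.

```powershell
# Added example (not from the original article): build a JEA endpoint that lets
# members of one AD group restart a single service and nothing else.
# Assumed names: module ContosoJEA, role ServiceOperator,
# group CONTOSO\ServiceOperators, endpoint ServiceOperators. Run elevated.

$moduleDir = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\ContosoJEA'
$roleDir   = Join-Path $moduleDir 'RoleCapabilities'
New-Item -ItemType Directory -Path $roleDir -Force | Out-Null

# A manifest makes the folder a discoverable module so JEA can locate the role file.
New-ModuleManifest -Path (Join-Path $moduleDir 'ContosoJEA.psd1') -Description 'JEA role capabilities'

# Role capability: expose Get-Service and Restart-Service, but Restart-Service
# may only ever be called with -Name Spooler. Every other command is invisible.
New-PSRoleCapabilityFile -Path (Join-Path $roleDir 'ServiceOperator.psrc') `
    -VisibleCmdlets 'Get-Service',
        @{ Name = 'Restart-Service'; Parameters = @{ Name = 'Name'; ValidateSet = 'Spooler' } }

# Session configuration: a restricted endpoint that runs as a temporary virtual
# account (no standing admin credential is handed to the operator) and records
# a transcript of every session for audit purposes.
$psscPath = Join-Path $env:TEMP 'ServiceOperators.pssc'
New-PSSessionConfigurationFile -Path $psscPath `
    -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount `
    -TranscriptDirectory 'C:\ProgramData\JEATranscripts' `
    -RoleDefinitions @{ 'CONTOSO\ServiceOperators' = @{ RoleCapabilities = 'ServiceOperator' } }

# Validate before registering; a malformed file should fail loudly here rather
# than leave a half-configured endpoint behind.
if (-not (Test-PSSessionConfigurationFile -Path $psscPath)) {
    throw "Session configuration file failed validation: $psscPath"
}
Register-PSSessionConfiguration -Name 'ServiceOperators' -Path $psscPath -Force

# Operator side, from a workstation:
#   Enter-PSSession -ComputerName srv01 -ConfigurationName ServiceOperators
#   Get-Command          # only Get-Service, Restart-Service and the JEA defaults are listed
#   Restart-Service -Name Spooler
```

The ValidateSet on the Name parameter is the part worth copying: exposing Restart-Service without it would let the operator restart any service, so the restriction lives in the parameter, not just the cmdlet list. The transcript directory gives the auditor a per-session record of what was run under the virtual account.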
Just-in-Time Administration allows you to add users to privileged groups for a limited time frame; they are removed from those groups automatically when that time expires. This technology is known as Privileged Access Management.
The IT department can add an extra layer of safety by configuring Windows to validate the administrator’s identity via multifactor authentication before the request is granted.
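As an added example of the time-limited group membership described above (not code from the original article), the block below uses the Privileged Access Management optional feature of a Windows Server 2016 forest to grant membership that expires on its own. The forest name contoso.com, the user alice and the two-hour lifetime are assumptions; the group Domain Admins is only a stand-in for whichever privileged group you protect.

```powershell
# Added example (not from the original article): time-bound membership in a
# privileged group using the Privileged Access Management optional feature
# (requires the Windows Server 2016 forest functional level). Run as a forest admin.
# Assumed names: forest contoso.com, user alice, group 'Domain Admins'.

# Enabling the feature is a one-way change at forest level, so check it first.
$pam = Get-ADOptionalFeature -Filter { Name -like 'Privileged Access Management*' }
if (-not $pam.EnabledScopes) {
    Enable-ADOptionalFeature -Identity 'Privileged Access Management Feature' `
        -Scope ForestOrConfigurationSet -Target 'contoso.com' -Confirm:$false
}

# Grant membership that lapses by itself after two hours. The TTL is stored on
# the group link itself, so no scheduled task or cleanup script is needed.
Add-ADGroupMember -Identity 'Domain Admins' -Members 'alice' `
    -MemberTimeToLive (New-TimeSpan -Hours 2)

# Review remaining lifetimes; temporary members are shown as <TTL=seconds,DN>,
# permanent members as a plain DN.
Get-ADGroup -Identity 'Domain Admins' -Properties member -ShowMemberTimeToLive |
    Select-Object -ExpandProperty member
```

Listing the group with -ShowMemberTimeToLive is the review step to keep: any member that appears without a TTL prefix is a standing privilege that the time-limited model was meant to remove.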
Windows Defender Credential Guard and Windows Defender Remote Credential Guard
Two other important security features in Windows Server 2016 that can help with GDPR compliance are Windows Defender Credential Guard and Windows Defender Remote Credential Guard.
Windows Defender Credential Guard uses a hypervisor to isolate authentication credentials so that only privileged system software can access them, which renders Pass-the-Hash and Pass-the-Ticket attacks ineffective.
Windows Defender Credential Guard uses:
- Virtualization-based security
- 64-bit CPU
- CPU virtualization extensions, plus extended page tables
- Windows hypervisor
- Secure boot (required)
- TPM 2.0 either discrete or firmware (preferred – provides binding to hardware)
Windows Defender Remote Credential Guard protects the credentials used for Remote Desktop sessions. Previously, users with Remote Desktop connections had to log on twice, and the second logon exposed their credentials to Pass-the-Hash or Pass-the-Ticket attacks. Windows Defender Remote Credential Guard in Windows Server 2016 implements single sign-on for Remote Desktop sessions and eliminates the requirement to re-enter the logon credentials.
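The following added example (not from the original article) ties the two Credential Guard features above together on one host: it reads whether Credential Guard is actually running, not merely configured, writes the documented registry values if it is not, and opens the host for Remote Credential Guard connections. It assumes the hardware prerequisites in the list above are already satisfied and that the session is elevated.

```powershell
# Added example (not from the original article): verify Credential Guard is
# running, enable it via the documented registry values if not, and permit
# Remote Credential Guard on the same RDP host. Requires an elevated session.

# Win32_DeviceGuard distinguishes what is configured from what actually runs.
# SecurityServicesRunning contains 1 when Credential Guard is active (2 = HVCI);
# VirtualizationBasedSecurityStatus is 2 when VBS itself is running.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
$cgRunning = 1 -in $dg.SecurityServicesRunning
"VBS status: $($dg.VirtualizationBasedSecurityStatus) (2 = running); Credential Guard running: $cgRunning"

if (-not $cgRunning) {
    $dgKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'
    $lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    if (-not (Test-Path $dgKey)) { New-Item -Path $dgKey | Out-Null }

    # Turn on virtualization-based security and require Secure Boot (1);
    # use 3 to require Secure Boot plus DMA protection.
    Set-ItemProperty -Path $dgKey -Name EnableVirtualizationBasedSecurity -Value 1 -Type DWord
    Set-ItemProperty -Path $dgKey -Name RequirePlatformSecurityFeatures   -Value 1 -Type DWord

    # LsaCfgFlags: 1 = Credential Guard with UEFI lock (cannot be switched off
    # remotely or by malware with admin rights), 2 = enabled without the lock.
    Set-ItemProperty -Path $lsaKey -Name LsaCfgFlags -Value 1 -Type DWord
    Write-Warning 'Credential Guard settings written; a reboot is required before they take effect.'
}

# Remote Credential Guard on the RDP host: the LSA must accept restricted-admin
# style connections (0 = allowed). Clients then connect with: mstsc.exe /remoteGuard
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name DisableRestrictedAdmin -Value 0 -Type DWord
```

Checking SecurityServicesRunning rather than the registry is the useful habit: a host can carry all the right values and still have Credential Guard silently off because Secure Boot or the hypervisor is unavailable, and a compliance report built from the registry alone would not notice.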
Protecting infrastructure and applications
Windows Defender Device Guard
Protecting credentials is important, but it is also necessary to block malware and to stop external attackers from running malicious software. Windows Defender Device Guard is an application whitelisting tool in Windows Server 2016 that ensures only trusted software runs on the server. With Windows Defender Device Guard, an admin can specify and limit which binaries can run on the system, blocking malware, other malicious software and attempts to exploit vulnerabilities.
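As an added example (not code from the original article) of how the whitelisting described above is actually put in place, the block below builds a code integrity policy from a reference server, deploys it in audit mode first so that nothing breaks while the policy is tuned, reads back the would-be blocks from the event log, and only then enforces. The working directory C:\CIPolicy is an assumption; the cmdlets, policy location and event IDs are Microsoft's.

```powershell
# Added example (not from the original article): generate a Device Guard code
# integrity policy, deploy it in audit mode, review violations, then enforce.
# Assumed working path C:\CIPolicy. Run elevated; the full-disk scan takes a while.

$xmlPolicy = 'C:\CIPolicy\ServerPolicy.xml'
New-Item -ItemType Directory -Path (Split-Path $xmlPolicy) -Force | Out-Null

# Trust binaries by signing publisher; fall back to a file hash for unsigned ones.
# -UserPEs covers user-mode executables, not only drivers.
New-CIPolicy -Level Publisher -Fallback Hash -FilePath $xmlPolicy -ScanPath 'C:\' -UserPEs

# A newly generated policy already carries rule option 3 (audit mode), so this
# first deployment only logs what would have been blocked.
$binaryPolicy = 'C:\Windows\System32\CodeIntegrity\SIPolicy.p7b'
ConvertFrom-CIPolicy -XmlFilePath $xmlPolicy -BinaryFilePath $binaryPolicy
# Reboot here so the kernel loads the policy.

# Detection: 3076 = would have been blocked (audit mode), 3077 = blocked (enforced).
function Get-CodeIntegrityViolations {
    param([int]$MaxEvents = 50)
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-CodeIntegrity/Operational'
        Id      = 3076, 3077
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}
Get-CodeIntegrityViolations | Format-List

# Once the audit log is quiet for the expected workload, drop the audit-mode
# option and redeploy; anything outside the policy is then refused at load time.
Set-RuleOption -FilePath $xmlPolicy -Option 3 -Delete
ConvertFrom-CIPolicy -XmlFilePath $xmlPolicy -BinaryFilePath $binaryPolicy
```

Audit events with ID 3076 are the signal to watch between the two deployments: each one is either a legitimate binary the policy needs to admit, or exactly the kind of unexpected executable the feature exists to stop. Skipping the audit phase and enforcing immediately is the common way to take a production server offline.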
Enhanced security auditing
Windows Server’s enhanced security auditing capabilities are useful for GDPR compliance. Microsoft updated security auditing to provide more detailed information for faster attack detection and to alert administrators to potential breach attempts.
The detailed security information provided by the enhanced auditing enables two new types of auditing, Audit Group Membership and Audit PnP Activity. Group Membership auditing records the group membership information in a user’s logon session, and PnP auditing helps admins detect an external device that could contain malware.
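The following added example (not code from the original article) turns on the two audit subcategories just described and reads back what they produce: event 4627 for the group membership carried by each logon, and event 6416 for newly recognized external devices. The group names used for filtering are assumptions; the subcategory names, event IDs and field names are Microsoft's.

```powershell
# Added example (not from the original article): enable Group Membership and
# Plug and Play auditing, then query the resulting Security events.
# Requires an elevated session. Filter group names below are assumptions.

# Group Membership (Logon/Logoff) writes 4627 next to each 4624 logon, so Logon
# auditing must be on too. Plug and Play Events (Detailed Tracking) writes 6416
# when a new external device is recognized.
auditpol /set /subcategory:"Logon" /success:enable
auditpol /set /subcategory:"Group Membership" /success:enable
auditpol /set /subcategory:"Plug and Play Events" /success:enable
auditpol /get /subcategory:"Group Membership","Plug and Play Events"

# Pull EventData fields by name from the event XML rather than by position.
function Get-EventData {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $xml = [xml]$Event.ToXml()
    $d = @{}
    foreach ($item in $xml.Event.EventData.Data) { $d[$item.Name] = $item.'#text' }
    return $d
}

# 4627: which logon sessions carried membership in a privileged group?
function Get-PrivilegedLogons {
    param([int]$MaxEvents = 200, [string[]]$Groups = @('Domain Admins', 'Administrators'))
    $pattern = ($Groups | ForEach-Object { [regex]::Escape($_) }) -join '|'
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4627 } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match $pattern } |   # the rendered message resolves SIDs to group names
        ForEach-Object {
            $d = Get-EventData $_
            [pscustomobject]@{
                Time      = $_.TimeCreated
                User      = "$($d.TargetDomainName)\$($d.TargetUserName)"
                LogonType = $d.LogonType
            }
        }
}

# 6416: new external devices, the PnP signal the article refers to.
function Get-NewExternalDevices {
    param([int]$MaxEvents = 50)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 6416 } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $d = Get-EventData $_
            [pscustomobject]@{
                Time   = $_.TimeCreated
                Device = $d.DeviceDescription
                Class  = $d.ClassName
                Vendor = $d.VendorIds
            }
        }
}

Get-PrivilegedLogons    | Format-Table -AutoSize
Get-NewExternalDevices  | Format-Table -AutoSize
```

Reading the fields by name from the event XML, instead of by Properties index, keeps the queries working if Microsoft adds a field to an event later. The 6416 Class column is what to alert on for removable storage: a sudden USB disk on a server that has no business accepting one is a far stronger signal than the device description text.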