How to ensure Windows Server is GDPR-compliant

Introduction

The General Data Protection Regulation (GDPR), an EU law regulating the processing of personal data, came into force on May 25th, 2018. Organizations that breach the GDPR may be subject to fines of up to 20 million euros or 4% of their annual global turnover, whichever is higher. Given the reach of the GDPR and the severity of its sanctions, Microsoft has made new efforts to ensure compliance with the law.

According to Brad Smith, Microsoft’s president, more than 1,600 Microsoft engineers worked to meet the requirements of the GDPR. The result is a comprehensive portfolio of tools that help individuals and organizations adhere to the GDPR.

In this article, we focus only on tools for Windows Server. These tools fall into two broad categories: tools that help meet the GDPR’s requirement to implement adequate information security measures, and tools that help meet the GDPR’s requirement to notify personal data breaches to the data protection authorities.

Implementing adequate information security measures

Below, we briefly examine eleven tools that can be regarded as adequate information security measures within the meaning of the GDPR: Control Flow Guard, a distributed network firewall relying on software-defined networking, enhanced security auditing, Host Guardian Service, Just-in-Time Admin (JIT) and Just Enough Admin (JEA), Shielded Virtual Machines, Virtual Machine Trusted Platform Module, Windows Defender Antivirus, Windows Defender Credential Guard, Windows Defender Device Guard and Windows Defender Remote Credential Guard.

Control Flow Guard

Control Flow Guard mitigates jump-oriented programming (JOP) attacks by restricting where application code may transfer control: before each indirect call or jump, code compiled with CFG checks that the target address is a valid entry point, and the process is terminated if it is not. JOP attacks corrupt the data that jumps and other control-flow instructions consume (function pointers, for example), redirecting the program to a location chosen by the attacker.
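CFG only protects a process if the policy is enabled for it and the binary was built with the compiler's CFG support, so an administrator should verify both. The following audit script is an added example, not code from the original post; it assumes the built-in ProcessMitigations module (Get-ProcessMitigation) available on Windows Server 2016 and later, an elevated session so every process is visible, and that the module reports CFG status through the Cfg.Enable member of each record.

```powershell
# Added example (not from the original post): report the Control Flow Guard
# policy applied to running processes on a Windows Server host.
# Assumptions: ProcessMitigations module present (Server 2016+), elevated session,
# and records exposing ProcessName, Id and Cfg.Enable (ON, OFF or NOTSET).

function Get-CfgStatusReport {
    [CmdletBinding()]
    param(
        # Optional process names to report on; by default every running process is listed.
        [string[]]$ProcessName
    )

    # Per-process records: NOTSET means the process inherits the system-wide default.
    $records = if ($ProcessName) {
        foreach ($n in $ProcessName) {
            Get-ProcessMitigation -Name $n -ErrorAction SilentlyContinue
        }
    } else {
        Get-ProcessMitigation -RunningProcesses
    }

    # System-wide CFG default, used to resolve NOTSET entries to an effective value.
    $systemDefault = (Get-ProcessMitigation -System).Cfg.Enable

    foreach ($r in $records) {
        $setting = [string]$r.Cfg.Enable
        $effective = if ($setting -eq 'NOTSET') { [string]$systemDefault } else { $setting }
        [pscustomobject]@{
            ProcessName  = $r.ProcessName
            Id           = $r.Id
            CfgSetting   = $setting
            EffectiveCfg = $effective
        }
    }
}

# List processes whose effective CFG policy is not ON so they can be reviewed.
# A per-process policy can be applied with: Set-ProcessMitigation -Name app.exe -Enable CFG
Get-CfgStatusReport |
    Where-Object { $_.EffectiveCfg -ne 'ON' } |
    Sort-Object ProcessName |
    Format-Table -AutoSize
```

Note that an ON policy does not by itself prove a binary contains CFG checks; executables that were not compiled with CFG support gain no protection, so the report is a starting point for reviewing third-party software, not proof of coverage.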

Distributed network firewall relying on software-defined networking

The software-defined networking (SDN) in (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Daniel Dimov. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/ZTSsuwUWL3w/