BREAKING

Tuesday, March 21, 2017

Microsoft to Help Us Protect, Detect, Respond and Comply with the Data Privacy Act


Wazzup Pilipinas!

Most server, systems or network administrators would check the server logs only when there's an incident. This is something similarly alarming because we tend to just be reactive instead of proactive. We only act after the problem has reared its ugly head. But you couldn't really blame administrators for their tasks are tedious and hectic.

Many companies do not even know they've been hacked, and based on statistics admins would only be fully aware after around 500 days. Most of the time, that could cause a very crucial effect to the company as breaches or sabotages could have occurred already.

Many IT infrastructures are often threatened by compromised credentials. Many of us still put our usernames and passwords on our notebooks or even on post-it notes stuck on our work areas, or other forms of manual safekeeping of critical information, thinking they are safe from being breached by outsiders. But we should always remember that there may be some disgruntled employees who want to intrude on the system for many reasons like revenge or theft.

Some are victims of social engineering that they become easy prey for hackers who want to get in to our system. We are sometimes unable to detect or realize anomalous or suspicious behaviors.




Thus some admins try to be strict by making their security measures tighter. This could be in the form of limited access for employees that could be through the likes of "just-in-time" or "time-bound" access. It could also be by giving employees access to only some resources within the network.

These security implementations could however stifle productivity. Finding ways to mitigate security leaks is really quite a difficult task. This would sometimes tempt admins to peek into the data of the users.

Thus, there is the requirement for companies to comply with the Data Privacy Act so we could be assured that everyone can be protected, detect anomalies, and respond appropriately.




Microsoft recently held a workshop to share their abilities to help companies comply with the data privacy act. Their solutions include advanced threat analysis to spot deviations in baseline behavior. The workshop was held at Makati Shangri-La on March 17, 2017 and the speakers were Dale Jose from the Enterprise Mobility and Security, and Herns Hermida of the Cloud and Enterprise Business.


Below is the official press release about how Microsoft helps companies comply with the Data Privacy Act:


Microsoft Helps Companies on their Ongoing Compliance with the Data Privacy Act

Philippine businesses with more than 250 employees and/OR with a thousand customers in their database should comply by September 9 or face government sanctions

 Philippine businesses must comply with the Data Privacy Act or Republic Act No. 10173 by September 9, 2017 or face sanctions and penalties.  That’s how serious the government is in protecting the citizen’s right to privacy.

The Philippine Data Privacy Act (DPA) aims to protect every individual’s information recorded on any IT and communication system in both government and private sectors.  The government has mandated the National Privacy Commission (NPC) to educate and enforce this 5-year old law.

The NPC seeks to ensure that companies adhere to the DPA by appointing its own data protection officer (DPO), conduct privacy impact assessment and create a privacy management program. Under the law, organizations must also implement a privacy and data protection measures and regularly exercise breach reporting procedures.

The Data Privacy Act impacts not just SMEs but any organization that employs 250 people or handles more than a thousand customers in their database. Violators can be fined up to PhP 5M for committing the acts penalized by the DPA.  Just how serious is the Philippine government with protecting the citizenry’s privacy rights? The NPC has called out one of the biggest government agencies and even large corporations that hold Personally Identifiable Information (PII) for privacy violations that were stated in the Data Privacy Act.

Microsoft’s commitment to the Data Privacy Act
Microsoft strongly believes the Data Privacy Act represents an important step forward for individual privacy rights. This act also seeks to ensure personal data is protected no matter where it is sent, processed, or stored.  Microsoft’s long-standing commitment to security, privacy, and transparency are consistent with the goals of the Data Privacy Act. To support this government drive, Microsoft has been working on helping businesses in their journey to comply with this important legislation.

To help companies start their DPA compliance initiatives, we’ve made available online tools and resources through a dedicated Microsoft Trust Center website focused on information on the Data Privacy Act. Through this site, businesses may also take a free risk assessment by the National Privacy Commission to assess their privacy risk level under the DPA regulation.

Microsoft’s Comprehensive Solutions that helps businesses comply
As this policy seeks to help Filipino citizens in their right to privacy and businesses need to be both responsible and accountable for their customers’ data, businesses are not alone in this journey.

Microsoft products and services are available today to help businesses meet the Data Privacy Act requirements, and is investing in additional features and functionality. Through our cloud services and on-premises solutions, Microsoft will help locate and catalog personal data in the business’s systems, build a more secure environment, simplify management and monitoring of personal data, and give the tools and resources needed to meet the Data Privacy Act reporting and assessment requirements.

·               With Microsoft Azure, an organization can receive a level of data protection and physical security that far exceeds typical on-premises firewall protection. Azure offers businesses peace of mind knowing that their apps and data are getting the same level of protection chosen by Microsoft’s enterprise customers, including many of the world’s largest financial institutions.
·               Microsoft Enterprise Mobility + Security (EMS) helps give users a more secure and integrated productivity experience with Microsoft’s enterprise mobility solutions. Securing identities like multi-factor-authentication, device health/data protection with remote wipe and disconnection capabilities, information protection at rest and in-transit, and advanced detection capabilities against security breaches are among the key prescriptions in the DPA. EMS’ layered security across Identity, Devices, Apps, and Data helps with the ongoing compliance.
·               If the business involves processing important information, then Office 365 is the application suite needed to get the power of Office anywhere and on any device! Plus, regular updates ensure information is secure and protected.
·               Windows 10 provides identity protection and safeguards from pass the hash attacks.  It also provides data encryption at the device and on file level. This ensures corporate data isn’t accidentally or intentionally leaked to unauthorized users or locations.  
On top of that, Windows 10 also offers threat resistance with enterprise grade anti-virus protection that completely locks down your device, so you can run only trusted applications. It can also provide additional device security through UEFI Secure Boot and Virtualization-based security. It ensures that a genuine version of Windows starts first on your device, and moves some of the most sensitive Windows processes into a secure execution environment to help prevent tampering and prevent attackers from evading detection.
With these end-to-end solutions, businesses can focus on their core strategy while efficiently ensuring that they are compliant with this legislation. Microsoft understands that when our customer uses our services, this means entrusting us with their most valuable asset—their data. They trust that its privacy will be protected and that it will be used only in a way that is consistent with their expectations.

As the September 9, 2017 deadline nears, businesses have less than 175 days to comply. But they must realize that they are not alone in this endeavor. They have Microsoft as their trusted partner to help them in this journey for data privacy.

Visit the Microsoft Trust Center website now, take a free risk assessment, be informed on the latest news on the Data Privacy Act and get to know more about specific Microsoft solutions.

About ""

WazzupPilipinas.com is the fastest growing and most awarded blog and social media community that has transcended beyond online media. It has successfully collaborated with all forms of media namely print, radio and television making it the most diverse multimedia organization. The numerous collaborations with hundreds of brands and organizations as online media partner and brand ambassador makes WazzupPilipinas.com a truly successful advocate of everything about the Philippines, and even more since its support extends further to even international organizations including startups and SMEs that have made our country their second home.

Post a Comment

Ang Pambansang Blog ng Pilipinas Wazzup Pilipinas and the Umalohokans. Ang Pambansang Blog ng Pilipinas celebrating 10th year of online presence
 
Copyright © 2013 Wazzup Pilipinas News and Events
Design by FBTemplates | BTT