The GDPR has been in effect for a long time now, and the most significant change to European Union (EU) privacy law in two decades has made some serious waves. The GDPR was designed to replace the Data Protection Directive (DPD) that came into force in 1995 when web technology was nowhere near as advanced as it is today.
The GDPR applies to all organizations handling the data of EU citizens and will be unaffected by Brexit (whenever that happens), due to the fact that the UK was still a member of the EU when the regulations originally come into effect.
So, how has the GDPR affected your auditing strategy? There are numerous things you are going to need to audit in a more stringent fashion to comply with GDPR and they cannot all be listed below. However, here are 5 things you need to be able to produce reports on when it comes to Active Directory specifically:
1. Auditing Object Modifications for GDPR
You need to be able to produce reports on when Active Directory objects are modified in any way; including copying, removed and renamed. This is to ensure the security of personal information by protecting it against unauthorized changes.
2. Auditing Logons/Logoffs for GDPR
In order to determine whether Active Directory is being accessed unlawfully, administrators need to be able to produce detailed logon and logoff reports. Such reports should show successful logins, failed logins, users logged into multiple computers and more. This reporting will help you determine whether someone is trying to gain unauthorized access to your Active Directory.
3. Auditing Users/Computers for GDPR
Users and computers both need to be audited in more depth; including creation, deletion, modifications, user password resets and more. The purpose of this is to ensure that you know of any changes taking place to users and computers that could affect data access – particularly when it comes to sensitive data.
4. Auditing Permissions for GDPR
It is vital that you are able to produce reports on current permissions to an object, permission modifications and compare permissions between two dates in time. Real-time alerts and reports on these changes will enable you to determine whether you are maintaining a least privilege policy or are at risk of privilege abuse. You need to make sure that your users only have the levels of permission they need as per their job requirements, nothing more.
5. Auditing Group Policy for GDPR
The GDPR will require you to be able to report on all aspects of Group Policy change activity, including creation, deletion, renames and modifications. This is to ensure that there are no unauthorized changes taking place that go unnoticed affecting the Group Policies attached to sensitive data.
There are so many more facets that you will have to audit in Active Directory that are not included in this article, and many servers other than Active Directory will need to be audited also – including Filer Server, Exchange Server, and SQL Server. In order to meet these stringent requirements, it’s likely you will need to deploy a third-party active directory auditing solution, such as LepideAuditor. Such solutions come with pre-defined reports that will help you meet aspects of GDPR requirements, as well as helping you to improve the overall security of your systems and data. Start your free trial of LepideAuditor today.