Meeting GDPR Compliance with LepideAuditor
Due to GDPR regulations, most organizations will find themselves needing to appoint a Data Protection Officer. However, all organisations, regardless of whether a DPA is in place, need to be able to prove their compliance with the complex regulations that will come into place. Information Technology sections of this regulation can be met by auditing the IT infrastructure. However, native auditing methods alone are not enough, as they can be both too time consuming and complex. LepideAuditor provides a single centralized console that enables you to audit multiple instances of Active Directory, Group Policy Objects, Exchange Server, SharePoint, SQL Server, Windows File Server, NetApp Filer, Office 365 and Dropbox. It also holds numerous specific reports that can help you meet aspects of GDPR compliance.
Chapter II – Article 5 (1) (f) – Principles Relating to Personal Data Processing
This section of GDPR focuses on the security of personal data from unauthorized access, unlawful processing and accidental deletion. Auditing accesses made to relevant files and folders and tracking the permissions of users is a requirement when implementing the security of digital data. LepideAuditor performs Historical Permission Analysis of Active Directory, Exchange Server and File Server. Current Permission Report displays all current effective permissions of users on shared files and folders in File Server. LepideAuditor also monitors all accesses made to data stored on File Server and mailboxes on Exchange Server.
Chapter II – Article 5 (2) – Principles Relating to Personal Data Processing
This section requires organizations to prove their compliance with section 5 (1). You can install and configure LepideAuditor to display adherence with these sections. LepideAuditor has numerous inbuilt pre-defined reports that show all changes in permissions and all accesses made to crucial data. The real-time alerts help you to take immediate action against unwanted changes or unauthorized accesses. Our solution also allows you to restore the state of Active Directory Objects and Group Policy Objects to restore the permissions of Active Directory users to their last known good state.
Chapter IV – Articles 24 (1) (Responsibility of the Controller) and 32 (2) (Security of Processing)
To comply with this section, organizations have to display that they are processing data as per GDPR requirements. As multiple server components deal with the personal data stored in files, folders and mailboxes, the entire IT infrastructure will need to be audited. Auditing each component separately using native methods is complex and messy. LepideAuditor provides a single console for auditing multiple instances of different server components.
Chapter IV – Article 24 (2) - Responsibility of the Controller
This section requires organizations to produce proof of compliance with article 24 (1). LepideAuditor keeps a long-term record of changes made in the configuration of server components, accesses made to the data and changes in permissions of users/objects. These records are displayed in predefined reports in text and graph formats, which can be saved as files on the disk or can be delivered through email at scheduled intervals. You can customize any of the Active Directory, Group Policy or File Server Modification Reports to create a customized report suited to your requirements. You can also create real-time alerts that can be sent as emails, as updates to Radar Tab and as notifications to the LepideAuditor App.
Chapter IV – Articles 25 (1) (Data Protection by Design and by Default) and 32 (1) (Security of Processing)
This section requires organizations to have proper mechanisms in place for the protection of data in the IT environment. Auditing of accesses made to data, user permissions and of user activities on the computers or servers will inevitably help you secure your data. You will gain full visibility into who is trying to log on to a critical computer, access a mailbox, read an important file or delete files. LepideAuditor audits all changes made in permissions, accesses made to data and user activities on the different computers and servers. Any unauthorized change or access is brought to the notice of intended recipients through email or push-notifications to the LepideAuditor App.
Chapter IV – Article 25 (2) – Data Protection by Design and by Default
This section requires organizations to maintain accesses made to data. Only authorized and relevant users should be able to access data. Organizations must implement access privileges in their IT environment and monitor accesses made to personal data. LepideAuditor audits user permission changes in Active Directory, Exchange Server, SharePoint, SQL Server, Windows File Server and NetApp Filers. It also monitors accesses made to data stored in File Server, SharePoint and SQL Server. Alerts in real-time are sent through email to selected recipients or through notifications to the LepideAuditor App once an unauthorized access or unwanted change in permission is detected.
LepideAuditor is simple to install and setup and is an easy-to-use solution for auditing your IT environment.
LepideAuditor takes the strain out of change auditing and regulatory compliance with one of the most comprehensive solutions on the market.
IT Security Guru
It’s rare to find a solution which covers a such a wide range of auditing services, but ‘LepideAuditor’ is one of those rare exceptions.
Active Directory Lead
LepideAuditor is one of the most simple to use and feature-packed security suite for Microsoft-based environments. If you fear security breach, this is one of the most essential security perimeters.
LepideAuditor is an excellent audit solution. It gives IT teams complete information about what’s happening in the IT systems, the health of their servers and backup history.
The LepideAuditor is an invaluable toolset for any System Admin to audit Active Directory, Group Policy and Exchange server changes.
I really enjoyed the way LepideAuditor performs to audit the changes made to Active Directory and Group Policy Objects. I will certainly recommend it to anyone who is looking for an easy-to-use third party auditor.
LepideAuditor is highly recommended as it not only meets all requirements for Active Directory and Group Policy change auditing but also it is easy and friendly to use.
Roberto Di Lello
LepideAuditor is an excellent auditing solution. Some key features of the solution are compliance reports, health monitoring, alerts/notifications and the backup/restore functionality.
LepideAuditor honored as Gold winner in the 12th Annual 2016 Info Security PG’s Global Excellence Awards® in ‘Auditing’
LepideAuditor is a solid product that will likely do a good job for anyone who wants to know what administrative actions are being taken in their organization.
LepideAuditor received a gold certification in data loss prevention.
❝ LepideAuditor has brilliant search capabilities and was easy to use from the perspective of a non-technical end user – highly recommend it.❞
❝ LepideAuditor provided us with complete visibility over what was happening in our IT environment in a simple, cost-effective and scalable way.❞
❝ We're very pleased with how much more insight LepideAuditor gave us and impressed with the attentive customer service they provided.❞
❝ LepideAuditor takes the strain out of change auditing and regulatory compliance with one of the most comprehensive solutions on the market. ❞
More from Lepide
Insider Threats Don’t Apply to Me…Do They?
Despite being responsible for around 30% of all cybercrime, insider threats don’t seem to get the same attention when it comes to security budgets as preventing external attacks.Learn More ->
Popular Cyber Attack Methods and How to Mitigate Them
This White Paper will go through some of the most popular cyber-attack methods attackers are using and the steps you can take to mitigate the risks of you falling victim to them.Learn More ->
LepideAuditor 18.7 – Analyze Your Excessive Permissions
The latest version of the award-winning LepideAuditor now enables you to analyze users and objects with excessive permissions to help you avoid privilege abuse.Learn More ->
Lepide® is a registered trademark of Lepide Software Private Limited. © Copyright 2018 Lepide Software Private Limited. All trademarks acknowledged.