Our world is becoming more interconnected, more global, more digital. And these new complexities lead to new regulations. In data protection, comprehensive guidelines should ensure that all applications and interfaces guarantee the security of sensitive data. You can respond to these requirements in different ways: either with complex internal processes and individual IT configurations, or with an external software solution such as Airlock.
The advantage of the second option is that the intelligent Airlock Secure Access Hub complies with all current international standards, allows central data handling and is a fully integrated solution for all applications. This leads to less complexity in the company and compliance management that meets the highest requirements at all times.
Functions facilitating compliance:
- Upstream security, identity management and access management
- Upstream enforcement point for compliance guidelines
- Consent management
- Centralisation of identities and data
- API security
- Strong authentication
- User self-service options
- Monitoring and interactive reporting
Multiple compliance standards in one software bundle
Financial service providers, healthcare, mail-order companies – different industries are subject to different regulations. This is why Airlock includes solutions for many different compliance guidelines:
The General Data Protection Regulation (GDPR)
The EU regulation GDPR is an essential component of the compliance strategy of every company. According to the regulation, the customer must consent to the use of his/her data for a specific purpose and the company must make the approval process verifiable. The management of these user consents is done centrally with Airlock, without applications having to be adapted. Users can manage their preferences at any time using self-services. Access to an application is only granted if a user has agreed to all necessary consents.
The same applies to the customer's desire to delete, restrict or view data. Not only does the Airlock Secure Access Hub provide audit-proof storage of logs, it also supports the implementation of high-security requirements for data storage. Legislation also requires that government agencies must be informed immediately in the event of cyberattacks (ITSiG). The Airlock Secure Access Hub supports the detection and analysis of incidents with its central and interactive real-time reporting.
For the security of our SAP-based web applications, a central, highly secure access had to be created that could also be used to connect future systems.
Peter Saile, Head of System Planning at Hamburg Wasser
Payment Service Directive
PSD2 primarily applies to European banks and mandates the provision of interfaces for external financial-service providers. Access to these interfaces must be strongly authenticated and companies must generally comply with state-of-the-art IT security. With its comprehensive access management functionality, supported Federation standards and integrated API protection, Airlock provides ideal conditions for simple and reliable PSD2 compliance. Another advantage is that specific versions of the PSD2 standard, such as NextGenPSD2 or STET, are already integrated in the Secure Access Hub.
Payment Card Industry Data Security Standard
Companies that process credit card transactions must comply with the privacy policies of the credit card industry. Large e-commerce companies should also have their network security externally audited every three months. With the Airlock Secure Access Hub, these measures can be implemented efficiently, as protection always remains at the highest level and applications do not have to be constantly adapted to cope with new threats.
Our compliance whitepaper
The whitepaper "Compliance as an Advantage: Technical Requirements of GDPR for Modern Digital Enterprises" was prepared in cooperation with KuppingerCole and shows which requirements have to be met.
Meeting PSD2 Challenges
The Revised Payment Service Directive (PSD2) will drive many changes in technical infrastructure at financial institutions across Europe. Banks and other financial service providers must quickly prepare for PSD2. Airlock Suite provides foundational technical capabilities that can help businesses meet the challenges posed by PSD2. The Whitepaper was written by John Tolbert, Senior Analyst at KuppingerCole.
Payment Card Industry Data Security Standard (PCI-DSS)
Companies that process credit card transactions must comply with the privacy policies of the credit card industry. Read our white paper on PCI-DSS compliance.
Compliance standards of specific target markets
In addition to the internationally recognised compliance standards, Airlock supports numerous other standards that are important in certain target markets and regions, such as the German Federal Financial Supervisory Authority (BaFin) Directive or the Monetary Authority of Singapore (MAS) Data Protection Guidelines, which are gaining in importance in Asian markets. The centralised approach of the Secure Access Hub makes it possible to implement compliance requirements efficiently as they can be controlled in one place without affecting the entire application landscape.