Today, virtually every organization must deal with regulatory pressure, and the burden to satisfy these demands is becoming more and more challenging.
Tactic #3: Limit access to critical and controlled resources while watching what people do
Obviously, you are not interested in an employee’s personal data contained on the device they’re using for access, so you need to isolate the company’s critical resources from an individual’s personal information. Strong authentication, ongoing audit of activities and a good, well-maintained password policy will help you here. Reviewing access and content often really is key, because you’re still in charge of compliance both today and tomorrow. Whoever needs access today might not need it tomorrow, and, on the flip side, if a user needs access tomorrow but doesn’t have it, that’s also a compliance failure.