Gramm-Leach-Bliley Act (GLBA) Compliance

Thales eSecurity's Vormetric Data Security Platform provides solutions for Gramm Leach Bliley Act (GLBA) compliance

Americas Map

Regulation

Active now

GLBA

Also known as the Financial Services Modernization Act, the Gramm Leach Bliley Act (GLBA) applies to U.S financial institutions and governs the secure handling of non-public personal information including financial records and other personal information.

Thales eSecurity provides solutions for Gramm-Leach-Biley Act (GLBA) compliance through:

  • Encryption and key management;
  • Access controls;
  • Security intelligence.
GLBA
Requirements

Section 501(b) of the Gramm-Leach-Bliley Act requires financial institutions to protect the security, confidentiality and integrity of non-public customer information through “administrative, technical and physical safeguards”. The Gramm-Leach-Bliley Act also requires each financial institution to implement a comprehensive written information security program that includes administrative, technical and physical safeguards appropriate to the size, complexity and scope of activities of the institution. These include:

  • Ensuring the security and confidentiality of customer records and information
  • Protecting against any anticipated threats or hazards to the security or integrity of such records
  • Protecting against unauthorized access to or use of such records or information, which could result in substantial harm or inconvenience to any customer
Implications

For organizations affected by the standard, these Gramm-Leach-Bliley privacy regulations, combined with referenced requirements under the Federal Deposit Insurance Act – section 36, result in the need to:

  • Safeguard and monitor customer records and information
  • Create and maintain effective risk assessments
  • Identify, implement and audit specific internal security controls that protect this data
Integrated Vormetric Data Security Platform from Thales eSecurity

Thales eSecurity provides key portions of the solution to these Gramm-Leach-Bliley Act compliance problems including security controls that enable organizations to safeguard and audit the integrity of customer records and information against a broad range of threats. Thales eSecurity supports these activities across widespread heterogeneous infrastructures that include virtualized environments, cloud and big data implementations as well as within traditional data centers. This single platform solution to multiple data protection needs helps organizations meet compliance requirements with low TCO and an easy-to-deploy, centrally managed infrastructure and solution set.

Access Control and Monitoring

The combination of encryption, integrated key management and access controls meets the needs for creating and maintaining access controls to customer records and information. Only authorized personnel and programs see decrypted information, while all others have no access to the data. Security intelligence information from Thales eSecurity details who accesses data, leaving a clear audit trail, and enables extended security controls warranted by today’s threat environment for recognizing compromised accounts when combined with a SIEM or Big Data for Security implementation.

Vormetric Transparent Encryption

Vormetric Transparent Encryption from Thales eSecurity provides file and volume level data-at-rest encryption and integrated, secure key management with a best practices implementation. Access controls and data access monitoring information extend protection by limiting data access to only personnel and programs authorized to do so, and provide the security intelligence information required to identify accounts that may represent a threat because of a malicious insider, or a compromise of account credentials by malware.

Vormetric Application Encryption

Vormetric Application Encryption from Thales eSecurity adds another layer of protection, enabling organizations to easily build encryption capabilities into internal applications at the field and column level.

Vormetric Key Management

Vormetric Key Management from Thales eSecurity enables centralized management of encryption keys for other environments and devices including KMIP compatible hardware, Oracle and SQL Server TDE master keys and digital certificates.

Research and Whitepapers : Securosis: Cracking the Confusion: Encryption and Tokenization for Data Centers, Servers and Applications by Securosis

This paper cuts through the confusion to help you pick the best encryption and tokenization options for your projects. The focus is on encrypting in the data center...

Download

Other key data protection and security regulations

NIST 800-53 / FedRAMP

Americas Map Thumbnail

Mandate

Active now

Since June 5, 2014 federal agencies have been required to meet FedRAMP standards, ensuring they meet internal data security standards and extended security controls for cloud-computing.

Learn More

HIPAA

Americas Map Thumbnail

Regulation

Active now

These regulations cover healthcare information in the US, HIPAA relates to protection; encryption, key management. etc and HITECH relates to disclosure of data breaches.

Learn More

SOX

Americas Map Thumbnail

Regulation

Active now

United States Federal Law setting standards for a range of US companies, SOX Act sections 302 and 404 relate directly to data protection.

Learn More
Contact a Compliance Specialist Contact Us
Are you fit for GDPR Take our readiness assessment now
Read the Compliance and Regulations Solutions Handbook Read the eBook
インタラクティブなデモを閲覧する デモ
ライブデモの申し込み デモの申し込み
スペシャリストへのコンタクト お問い合わせ