Sep 07 2012

How UTMs Can Help Ensure Compliance

Unified threat management devices offer more than just convenience to organizations of all types.

Failure to comply with government regulations can have long-lasting consequences.

Several federal regulations — for example, the Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), Children’s Internet Protection Act (CIPA), Sarbanes–Oxley (SOX) and the Federal Information Security Management Act (FISMA) — include specific requirements on building and maintaining secure networks, such as installing and maintaining a firewall or using encryption for data transmission.

But if one component of a security system is out of compliance, then the entire system is considered to be noncompliant. For many organizations, unified threat management devices are not only an essential element in meeting compliance requirements, they also make the process simpler.

“The fact that they have to continually make sure they’re in compliance means they want as few moving parts as possible,” says Bill Prout, technical engineer and product specialist at Sophos. “A UTM really simplifies things so you can get a better handle on it, it reduces your risk, and it allows you to quickly and easily maintain and ensure you’re still in compliance.”

Prout adds that a UTM also makes it easier to demonstrate compliance to an auditor. “You’re able to take a look on one screen and show them here’s my secure firewall, here are my VPN tunnels, here are my proxies for web access, and here are the security policies for password access,” he says. “You’re going to look at all these types of things on one single pane of glass, which makes it simple for auditors.”

Along with federal regulations, several states require organizations to notify stakeholders in the event of a data breach. A UTM device’s reporting capabilities can help a district mitigate its legal liability, says Chris McKie, WatchGuard Technologies director of compliance.

“You want insight that’s easy to use, easy to get, and can generate meaningful reports that tell you what’s going on inside your network,” McKie says.

He also suggests that organizations look for UTM solutions that offer report templates for common regulations, such as PCI and HIPAA.

“All of our UTMs come with report templates that meet the most common regulatory schemes,” McKie says.


Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT