On a recent visit to Asia I had the opportunity to sit with many of our regional partners to discuss IT security regulations specific to web applications and databases. There was no surprise that PCI was at the top of the list followed by SOX for some international companies, primarily American, and then a short list of ISO and country specific regulations. Each partner I spoke with talked about a different local requirement usually still being defined or just about to become officially enforced. In each case I received the same question, "Will SecureSphere support the legislation?"
The short answer I gave them all was the same. If the legislation requires web application security and/or monitoring, and/or defines requirements for securing and/or monitoring database and data access, the answer is 'yes'. The reality that I have experienced so far has been that while there are various data security regulations, they all typically require the same fundamental output. Data privacy regulations, regardless of the industry or country, at a minimum, require complying organizations to restrict and/or monitor (audit) who has access to, and to what degree they have access to, the data that must be regulated.
This, of course, is quite easy for SecureSphere since it has the ability to secure and monitor (audit) any aspect of database and application activity. All that is required of the administrator is to know what elements of data access should be monitored to comply with the regulation and to configure SecureSphere to secure and/or monitor that activity. Of course, SecureSphere is pre-configured with the most common regulations, but as I say, it can be easily configured to meet even the most obscure legislation.
The most common current Asia regulations I identified are below:
As I stated above, there are some regulations in development for various countries, but they have yet to be ratified. Additionally, some countries have existing regulations, but have yet to include IT data to the requirements and are still very much focused on the 'paper' books rather than electronic data. Having worked extensively in various locations around the globe, it's always interesting to see the considerable differences from region to region and country to country.