Regulatory compliance is becoming a hot topic. Several countries are improving their cybersecurity legislation, led by the European Union. There are many legislative acts, standards and recommendations that have to be considered. It is almost impossible to comply with all relevant regulations without appropriate automation.
The European Union in particular went into overdrive, creating a cybersecurity legislative hailstorm. NIS2, DORA, CSA, CRA, CER, and AIA are already there. PLD and eIDAS 2.0 are cooking in the kitchen, with still more likely to come. Together with older legislation such as GDPR and international standards such as ISO 27001, this makes regulatory compliance a very hard nut to crack.
However, this legislation is necessary. Cybersecurity is complicated. Cybersecurity is essential for any business to operate, yet it is often seen as a nuisance. It is underfunded or outright ignored. It is very difficult for the top management of many organizations to understand cybersecurity, which leads to bad decisions. Moreover, the bad guys are more powerful than ever, taking advantage of widespread vulnerabilities, catching users in phishing nets, and utilizing malware on an industrial scale, all amplified by AI tools. The geopolitical situation is not exactly helping either. As cybersecurity trends are not good at all, it is quite obvious that regulation must intervene. In fact, this has been due for a long time.
Cybersecurity was pushed aside for way too long, and now we have to catch up very quickly. This cannot be done without good preparation, organization, and especially automation. The flood of threats, vulnerabilities, countermeasures, technologies, and controls cannot be dealt with by manual processes anymore. As we all know, identity is at the center of everything – which means it is also at the center of cybersecurity and regulatory compliance. This makes identity governance one of the most important aspects of regulatory compliance.
MidPoint is the state-of-the-art identity governance and administration platform, which ideally positions it to support regulatory compliance. MidPoint supports regulatory compliance in two ways. Firstly, an identity governance system such as midPoint is necessary for the implementation of cybersecurity standards at scale, as demonstrated by the midPoint ISO 27001 compliance documentation. Secondly, midPoint has an ambition to make regulatory compliance easier by providing a default configuration to support compliance with selected regulations and standards.
Our work on making regulatory compliance with midPoint easier starts with ISO 27001. We have created documentation, and we are developing a configuration which makes use of the existing midPoint features. The prototype configuration was demonstrated in the form of a live demo during the recent “Regulatory Compliance with MidPoint” webinar.
Being a comprehensive identity governance platform, midPoint is an essential part of cybersecurity compliance in any of its forms. However, we are committed to taking it to the next level by using the midPoint platform to drive compliance from the identity point of view. The first fruits of this effort can be seen in the demo, and much more is coming in the future. Stay tuned!