Observer Analyzer : Observer Analyzer : Security and Privacy : Security, privacy, and regulatory compliance
Security, privacy, and regulatory compliance
Regardless of how any sensitive information is gathered, being a processor of it subjects your institution to all regulations, laws, statutes, and policies that may apply, and Observer can help you achieve and maintain compliance with many of them.
Security and privacy concerns are a reality for most businesses—perhaps even greater for worldwide enterprises. Fortunately, Observer accommodates virtually any privacy or security need that arises within or outside of your company, including any governmental regulations.
Observer is a software application that collects network traffic, and as sensitive or personal information flows over the network (as it does), it too is collected. The following are some examples of sensitive information that Observer may collect:
IP and MAC addresses
Web form submissions, including passwords
Email and visited web sites
Instant messages and chats
Application usage statistics
Downloaded and uploaded content
Sensitive files on network storage
Employee or client records
Payment transactions
Phone calls (VoIP only)
Tip! Observer is compatible with hardware security modules that comply with the Federal Information Processing Standards (FIPS) number 140. See Decoding encrypted network traffic for more information.
To become better aware of how you might follow regulations, here are some (non-exhaustive) examples of decisions to consider while configuring Observer and/or GigaStor:
Data retention length—how long should you keep data?
User accounts—who gets access to privileged data?
Encryption—does our data need to be impenetrable?
Exclusions—should some data never be collected, ever?
Sharing—how can we share our data safely and securely?
Physical security—do we need to isolate our equipment?
Notification—who else should know we collect data?
Ultimately, your institution alone is responsible for regulation compliance, but Observer can help you meet those requirements.