The Massachusetts Privacy and Data Protection Regulation 201 CMR 17.00 is designed to protect the personal information of residents of the Commonwealth of Massachusetts.
The objectives of this regulation are to ensure the security and confidentiality of customer information in a manner fully consistent with industry standards; protect against anticipated threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of such information that may result in substantial harm or inconvenience to any consumer.
MA 201 CMR 17 is detailed both in terms of the goals of the program and in terms of the computer and network security safeguards that it mandates.
Cymbel recommends the Palo Alto Networks Next Generation Firewall as the cornerstone technical control for meeting MA 201 CMR 17 for the following reasons:
Isolate private data
Security best practices state that one of the best ways to protect personal and private data is to first isolate that data using a combination of networking and security technology. Palo Alto Networks supports security zones, which, in effect, allow an administrator to create a logical zone that isolates the servers holding private data. Once the servers are isolated, policies can be put in place to further protect the data.
Control access to private data based on applications
Once the data is isolated, policies that control which applications have access to the private data can be implemented. Palo Alto Networks is unique in this capability – it is the only firewall that identifies exactly which application is traversing the network, irrespective of port, protocol, SSL encryption or evasive tactic employed.
Control which users have access to private data
Complementing the application-based security policies is the ability to control access based on users and groups via seamless integration with Active Directory. Controlling access by users and groups is unique to Palo Alto Networks and is more effective than only using IP addresses. For example, a policy can be put in place that allows only finance users (from within AD) to access private data with the Oracle SQL DB application. All other access by users or applications is denied.
Detect and block threats at the gateway
Controlling access to private data based on user and application is only part of the challenge that companies face. Another key component is protecting the data from threats that target the applications and data therein. Palo Alto Networks next-generation firewalls enable high performance, low latency (up to 5 Gbps) protection against viruses, spyware, or application vulnerability exploits that can complement the desktop offerings highlighted in the regulation.
Monitor traffic flows for unauthorized transfer of private data
Taking full advantage of the in-depth application analysis being performed, Palo Alto Networks enables administrators to implement data filtering policies to reduce the risks associated with unauthorized transfer of private data (social security numbers, credit card numbers, confidential data patterns).
Role-based administration
To ensure that only the appropriate personnel are allowed to modify firewall rules and configurations, Palo Alto Networks supports granular role-based administration that allows different individuals to be given appropriate access to the tasks that are pertinent to their job. For tracking and reporting purposes, all administrative activities are logged, showing the time of occurrence, the administrator, the management interface used (web UI, CLI, Panorama), the command or action taken along with the result.
Detailed logging and reporting
All traffic and firewall activities are logged with fingertip access provided through both the log viewer and the reporting tools. The log viewer and reporting both leverage the integration with Active Directory to provide visibility into user behavior that complements the views into application and threat activity for a more complete picture of the firewall traffic. For additional 3rd party analysis and event correlation, all reports can be exported to PDF or CSV format.