The Personal Data Protection Act (PDPA), which came into full effect on June 1st, stipulates that Personal Data Security refers to the confidentiality, integrity, and availability of personal data. Organizations that handle personal data must take steps to prevent any loss, unauthorized or unlawful access, use, change, amendment or disclosure of the personal data. There must be safeguards to cover the administrative, technical, and physical risks, so organizations in Thailand are now investing in people, process and technology – the three resources necessary to create the desired outcomes of the PDPA journey.
The challenge becomes tougher after the pandemic; when Work-From-Anywhere model is prevalent and remote connections to access sensitive data and applications in the organization are critical. With the PDPA in force, modern organizations have to put more priority on effective tools that allow secure, robust network access control and multi-factor authorization policy management. This is a delicate, complex, and time-consuming implementation process. Technology and tools are the largest components of the data protection budget for many companies, and business leaders must plan ahead to invest in data privacy controls especially given that the PDPA effective date has passed.
Fortinet, the world leader in cybersecurity, today introduces a quick way to help small and medium-sized enterprises have a headstart in complying with the Act faster and easier. The “2 + 1” formula consists of two key solutions, FortiGate1 and FortiSIEM2, together with one additional feature, two-factor authentication (2FA) which needs the token software installed on smartphone. SMEs, and even large enterprises, can easily adopt 2FA with Fortinet’s zero trust access solution, that can thoroughly address the data security protection issue that most organizations are concerned about.
The advanced next-generation firewall FortiGate and FortiSIEM offer comprehensive range of functionalities that comply with security measures of PDPA as follows:
- Able to gain strong control on the access to personal data as well as personal data storage and processing appliance,
- Able to establish policies relating the authorization or assignment of access rights to personal data conveniently,
- Able to view and operate the user access management efficiently; in order to allow only authorized persons to access to personal data,
- Able to identify the user responsibilities; to prevent unauthorized access to information or prevent the action that may lead to the data disclosure, known, duplication as well as data storage and processing device theft,
- Able to store and examine all log histories of access, change, deletion or transfer of the data.
Fortinet’s solution has the unique advantage that the 2FA feature can be enabled with Mobile Token instantly on the FortiGate firewall appliance. Organizations that are using the FortiGate firewall just need to purchase licenses for the additional 2FA feature. This is a simple and effective method that enterprises can provide multi-level authentication with their corporate accounts confidently. It’s more seamless, convenient, and cost-effective, allowing enterprises to rapidly accelerate their PDPA compliance journey.
Dr. Rattipong Putthacharoen, Senior Manager Systems Engineering Department of Fortinet explains “Many Fortinet devices already have a number of personal data protection capabilities. This means customers who are currently using FortiGate firewall can turn on the embedded data protection functions to comply with requirements in PDPA. Fortinet launches the new “2 + 1″ formula to educate the customers that they shall focus on necessary technical solutions that help them meet the general PDPA requirements. It can be a faster starting point in constructing PDPA-supported processes. After that, the organizations can opt to gradually expand their security capabilities according to their business needs, with step-by-step security risks reduction without increasing the burden on the IT team.”
Source: Communication Arts