How UTMs Can Help Your Business Stay Compliant

Failure to comply with government regulations can have long-lasting consequences, including financial penalties, lost market share and damage to a company’s reputation.

Several federal regulations — for example, the Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), Children’s Internet Protection Act (CIPA), Sarbanes–Oxley (SOX) and the Federal Information Security Management Act (FISMA) — include specific requirements on building and maintaining secure networks, such as installing and maintaining a firewall or using encryption for data transmission.

But if one component of a security system is out of compliance, then the entire system is considered to be noncompliant. For many SMBs, unified threat management devices are not only an essential element in meeting compliance requirements, they also make the process simpler.

“The fact that they have to continually make sure they’re in compliance means they want as few moving parts as possible,” says Bill Prout, technical engineer and product specialist at Sophos. “A UTM really simplifies things so you can get a better handle on it, it reduces your risk, and it allows you to quickly and easily maintain and ensure you’re still in compliance.”

Prout adds that a UTM also makes it easier to demonstrate compliance to an auditor. “You’re able to take a look on one screen and show them here’s my secure firewall, here are my VPN tunnels, here are my proxies for web access, and here are the security policies for password access,” he says. “You’re going to look at all these types of things on one single pane of glass, which makes it simple for auditors.”

Along with federal regulations, several states require companies to notify customers in the event of a data breach. A UTM device’s reporting capabilities can help a company mitigate their legal liability, says Chris McKie, WatchGuard Technologies director of compliance.

“You want insight that’s easy to use, easy to get, and can generate meaningful reports that tell you what’s going on inside your network,” McKie says.

He also suggests that SMBs look for UTM solutions that offer report templates for common regulations, such as PCI and HIPAA.

“All of our UTMs come with report templates that meet the most common regulatory schemes,” McKie says. “If you’re a retailer and using our appliance, it’s already preset with PCI defaults so that it’s easier to set up, you’re less likely to make a mistake, and it gathers a report on each PCI callout, so an auditor review is super quick.”