Which sectors will have to adapt?
What measures does NIS2 introduce?
All companies will need to implement processes and policies to better manage risks. Companies will also have the obligation to timely and transparently inform the public and all competent institutions about cyber attacks and their consequences - when and if they occur.
Medium and large organizations will need to continuously implement security policies over the information system. Companies will also need to conduct a risk analysis.
Organizations will also need to implement practices to detect and handle vulnerabilities, as well as continuously test the company's level of cyber security. Additional obligations include the use of encryption practices and multi-factor authentication and the implementation of secure video, voice and text communications.
Is there any impact on non-EU countries?
The application NIS2 directive to organizations located outside the EU depend on their classification.
For example, TLD name registries, cloud computing, DNS, data centre service providers and content delivery network providers are subject to the requirements of NIS2, if their cybersecurity decision-making center is located within the EU.
How to prepare and how can Thales help?
Thales provides extensive data security solutions designed to assist organizations in aligning with and fulfilling their responsibilities under the NIS2 directive.
Enforce robust access control protocols
Thales CipherTrust solutions offer the capability to configure multi-layered administrative access for enterprise systems both on-premises and in cloud environments. Furthermore, SafeNet Trusted Access allows centralized management of individual user identities, authentication policies based on risk assessment, and the ability to grant or revoke access to systems in hybrid IT setups.
Monitor and oversee every instance of sensitive data access
Thales' array of data security solutions equips your organization with the necessary instruments to monitor and track data access, alongside providing audit trails for verification purposes. For instance, Thales CipherTrust data protection solutions generate audit records detailing encryption key lifecycle actions (such as creation, deletion, rotation, and revocation) and other administrative tasks, aiding in event reconstruction.
Protect transaction and personal data at rest
Thales offers solutions like CipherTrust Manager, Luna Hardware Security Modules (HSMs), and the Data Protection on Demand (DPoD) platform. These tools empower organizations to centrally administer encryption keys and deploy diverse encryption, tokenization, and data masking solutions. This ensures the protection of transactional and personal data across various storage locations, including files, folders, applications, and databases, whether on-premises, in the cloud, or within hybrid environments.
Secure financial and personal data during transmission
Thales High Speed Encryptors (HSE) offer your organization a unified platform for encrypting data during transit across all points — spanning network communication between data centers and headquarters, as well as connections to backup and disaster recovery sites, whether located on-premises or in the cloud.
Develop and maintain secure systems and applications
Thales Luna Hardware Security Modules (HSMs), accessible both on-premises and via the Luna Cloud HSM on DPoD, empower organizations to securely retain signing materials within a reliable hardware device. This guarantees the authenticity and integrity of all application code files.