Thales banner

Saudi Arabia Essential Cybersecurity Controls (ECC)

Thales can help the Saudi Arabian organizations become compliant with the Essential Cybersecurity Controls.

The Kingdom of Saudi Arabia, as part of the Saudi Vision 2030 has developed and promulgated the Essential Cybersecurity Controls (ECC). These measures aim to help government and government-affiliated organizations enhance their cybersecurity posture.

Thales can help your organization comply with the Kingdom’s ECC.

  • Regulation
  • Compliance

Essential Cybersecurity Controls

Essential Cybersecurity Controls have been created with cybersecurity needs of all organizations and sectors in the Kingdom of Saudi Arabia in mind. There are minimum cybersecurity requirements with which organization must comply.

The controls are designed to ensure the confidentiality, integrity, and availability of an organization’s information and technology assets. And the controls revolve around the four pillars of people, technology, processes, and strategy.

The Essential Cybersecurity Controls are organized into five main domains:

  • Governance
  • Defense
  • Resilience
  • Third-Party and Cloud Computing, and
  • ICS Cybersecurity.

Some important highlights and challenges of the Controls are the following:

  • The cybersecurity controls represent the minimum standards with which “all organizations and sectors in the Kingdom of Saudi Arabia” must comply.
  • Not all controls are applicable to all organizations. The applicability of this framework depends on the nature of the business activities that the organization is carrying out. For example, an organization using a cloud hosted solution would be subject to Subdomain 4.2, Cloud Computing and Hosting Cybersecurity. Organizations are therefore advised to perform an assessment if they are subject to the provisions of the ECC controls.

Thales’ guide to Saudi Arabia ECC

The development of the ECCs is a crucial and vital step towards increasing the cybersecurity posture of the Kingdom of Saudi Arabia. Organizations subject to the Controls can take advantage of top-level industry solutions and use existing frameworks such as the NIST Cybersecurity Framework as guidelines.

Thales, a global leader in cybersecurity solutions and services, can help the Saudi Arabian organizations become compliant with the Essential Cybersecurity Controls.

Cybersecurity Governance Domain

Thales offers a variety of data protection professional services designed to help you effectively take your investment and ensure a successfully deployment. These services include:

  • Best practices and awareness workshops for learning about the latest security trends and practices, managing governance risk and compliance and implementing data protection
  • Strategy and design for identifying stakeholders and assigning roles and responsibilities
  • Implementation and operations such as on-site product training, installation and customization of Thales products.
  • Assessment to help your organization prepare for upcoming security audits while reviewing existing environment and business needs.

Best practice security solutions

Best practice for securing the integrity and confidentiality of sensitive data against loss, damage, unauthorized destruction, and unlawful access is strong access management and authentication combined with transparent encryption, integrated cryptographic key management, and security intelligence. Thales provides the following solutions to help organizations comply with Saudi Arabia’s Essential Cybersecurity Controls.

Data discovery and classification

The first step in protecting sensitive data is finding the data wherever it is in the organization, classifying it as sensitive, and typing it (e.g. PII, financial, IP, HHI, customer-confidential, etc.) so you can apply the most appropriate data protection techniques. It is also important to monitor and assess data regularly to ensure new data isn’t overlooked and your organization does not fall out of compliance.

Thales’ CipherTrust Data Discovery and Classification efficiently identifies structured as well as unstructured sensitive data on-premises and in the cloud. Supporting both agentless and agent-based deployment models, the solution provides built-in templates that enable rapid identification of regulated data, highlight security risks, and help you uncover compliance gaps. A streamlined workflow exposes security blind spots and reduces remediation time. Detailed reporting supports compliance programs and facilitates executive communication.

Protection of sensitive data at rest

Separation of privileged access users and sensitive user data

With the CipherTrust Data Security Platform, administrators can create strong separation of duties between privileged administrators and data owners. CipherTrust Transparent Encryption encrypts files, while leaving their metadata in the clear. In this way, IT administrators -- including hypervisor, cloud, storage, and server administrators -- can perform their system administration tasks, without being able to gain privileged access to the sensitive data residing on the systems they manage.

Separation of administrative duties

Strong separation of duties policies can be enforced to ensure one administrator does not have complete control over data security activities, encryption keys, or administration. In addition, the CipherTrust Manager supports two-factor authentication for administrative access.

Granular privileged access controls

The CipherTrust Data Security Platform can enforce very granular, least-privileged-user access management policies, enabling protection of data from misuse by privileged users and APT attacks. Granular privileged-user-access management policies can be applied by user, process, file type, time of day, and other parameters. Enforcement options can control not only permission to access clear-text data, but what file-system commands are available to a user.

Strong access management and authentication

Thales Access Management and Authentication solutions provide both the security mechanisms and reporting capabilities organizations need to comply with data security regulations. Our solutions protect sensitive data by enforcing the appropriate access controls when users log into applications that store sensitive data. By supporting a broad range of authentication methods and policy driven role-based access, our solutions help enterprises mitigate the risk of data breach due to compromised or stolen credentials or through insider credential abuse.

Support for smart single sign on and step-up authentication allows organizations to optimize convenience for end users, ensuring they only have to authenticate when needed. Extensive reporting allows businesses to produce a detailed audit trail of all access and authentication events, ensuring they can prove compliance with a broad range of regulations.

Protection of Sensitive Data in Motion

Thales High Speed Encryptors (HSEs) provide network independent data-in-motion encryption (Layers 2,3 and 4) ensuring data is secure as it moves from site-to-site, or from on-premises to the cloud and back. Our HSE solutions allow customers to better protect data, video, voice, and metadata from eavesdropping, surveillance, and overt and covert interception—all at an affordable cost and without performance compromise.

Secure your digital assets, comply with regulatory and industry standards, and protect your organization’s reputation. Learn how Thales can help.

Saudi Arabia Essential Cybersecurity Controls - White Paper

Saudi Arabia Essential Cybersecurity Controls - White Paper

Cyber-attacks are one of the top global risks facing our evolving technological landscape. In response, governments worldwide are developing strategies to help bolster the digital defenses of their agencies and departments. The Kingdom of Saudi Arabia, as part of the Saudi...

Thales CipherTrust Data Discovery and Classification

Thales CipherTrust Data Discovery and Classification - Product Brief

The crucial first step in privacy and data protection regulatory compliance is to understand what constitutes sensitive data, where it is stored, and how it is used. If you don't know what sensitive data you have, where it is, and why you have it, you cannot apply effective...

Data Security Compliance and Regulations - eBook

Data Security Compliance and Regulations - eBook

This ebook shows how Thales data security solutions enable you to meet global compliance and data privacy requirements including - GDPR, Schrems II, PCI-DSS and data breach notification laws.

CipherTrust Transparent Encryption - White Paper

CipherTrust Transparent Encryption - White Paper

Enterprise digital transformation and increasingly sophisticated IT security threats have resulted in a progressively more dangerous environment for enterprises with sensitive data, even as compliance and regulatory requirements for sensitive data protection rise. With attacks...

CipherTrust Transparent Encryption - 제품요약

CipherTrust Transparent Encryption - 제품요약

사용중인 데이터베이스와 파일을 데이터 센터에서 보호하는 것만으로는 민감 데이터를 지킬 수 없습니다. 오늘날 대부분의 기업은 50가지 이상의 SaaS 애플리케이션과 빅데이터 환경, 컨테이너 기술, 그리고 온프레미스 가상 환경 및 프라이빗 클라우드와 더불어, 3개 이상의 IaaS 또는 PaaS 제공업체를 이용하고 있습니다.

모든 조직의 민감 데이터 보호를 위한 핵심 요소 - White Paper

모든 조직의 민감 데이터 보호를 위한 핵심 요소 - White Paper

전통적으로 조직은 주로 경계 방어에 IT 보안을 집중했기 때문에 벽을 세워 외부 위협이 네트워크에 진입하는 것을 차단했습니다. 경계 방어는 여전히 중요하지만 충분하지는 않습니다. 사이버 범죄는 주기적으로 경계 방어를 뚫고 있으며 데이터는 클라우드 방어 경계 외부 어딘가에 있는 경우가 많으므로, 조직은 데이터가 어디에 있든 데이터를 보호하는 데이터 중심 보안 전략을 적용해야 합니다. 오늘날 급증하는데이터, 진화하는 글로벌 및 지역 개인정보 보호 규제, 클라우드 채택의 증가, 지속적인 지능형...

The Enterprise Encryption Blueprint - White Paper

The Enterprise Encryption Blueprint - White Paper

You’ve been tasked with setting and implementing an enterprise wide encryption strategy, one that will be used to guide and align each Line of Business, Application Owner, Database Administrator and Developer toward achieving the goals and security requirements that you define...

Unshare and Secure Sensitive Data - Encrypt Everything - eBook

Unshare and Secure Sensitive Data - Encrypt Everything - eBook

Business critical data is flowing everywhere. The boundaries are long gone. As an enterprise-wide data security expert, you are being asked to protect your organization’s valuable assets by setting and implementing an enterprise-wide encryption strategy. IT security teams are...