Virtualization Technology News and Information
Countdown to GDPR - Businesses Prepare for a New Level of Global IT Compliance


The world is just days away from the start of one of the most onerous, stringent and consequential data privacy regulations ever to be enacted.

Starting Friday, any organization that collects, uses or stores the personal data of people in the European Union must comply with the new General Data Protection Regulation (GDPR), whether or not the organization is itself based in the EU. The comprehensive and punitive nature of GDPR is raising serious concerns across nearly every industry that handles personal data.

GDPR was created to secure what its designers see as a fundamental right of individuals to control their personal data. Under this premise, anyone can ask an organization whether, how and when it is using their information, and has the right to have that information corrected, erased or handed back to them in a portable form.

Any company that violates these rights can be fined as much as 4 percent of its worldwide annual turnover or €20 million, whichever is higher. Note the direction of that rule: because the higher of the two figures applies, the €20 million is a floor on the maximum penalty, not a cap. A company with revenue of $10 million is therefore not limited to a $400,000 fine; it is exposed to the full €20 million maximum, while a company with $1 billion in revenue could face a fine of up to $40 million.

To achieve compliance, many businesses are building stable, unified and flexible infrastructure that can protect them against modern threats. Backup and recovery tools are being put in place to prevent data loss and to keep replicated copies of data available, so that an outage or attack does not destroy the personal data the regulation requires them to safeguard.

"The quickly approaching GDPR deadline has many companies distressed about how to handle their customer data like never before," said Zerto CEO Ziv Kedem. "Despite a clearly defined compliance date since 2016, there is still a lot of uncertainty around it, which, combined with the threat of fines of up to $24 million, means many organizations are still wary of the impending regulation."

Even with the best resources and internal mandates, many businesses will still be working toward GDPR compliance well beyond the official start date this Friday. A US Signal 2018 Security ‘Health of the Nation’ Survey found that nearly half of respondents will not be ready to comply when the regulation takes effect, or are unsure whether it applies to their organization at all.

"GDPR compliance is a daunting task, especially with the deadline quickly approaching," said Matt VanderZwaag, director of product development at US Signal. "The reality is that compliance and the heavy fines associated with non-compliance can be overwhelming, especially if you are not a GDPR expert. In the future, GDPR, and data protection in general, should be part of all conversations with managed service providers, to ensure that compliance is a top priority and that companies don't fall behind due to lack of internal resources."

GDPR applies to personal data wherever it is processed, including inside the applications that collect and handle it. Companies like WhiteHat focus on this as a business, offering both dynamic and static application security testing (DAST and SAST) products to help customers discover what information their applications expose externally and to protect the information they are permitted to collect.

"The world is recognizing how data is the lifeblood of applications. Privacy of this data, integrating security training and formalizing data boundaries all require applications to be secure by design. Just as there are multiple layers of security in the most secure buildings, we have to create the same level of insulation for our digital information," said Setu Kulkarni, vice president of WhiteHat Security corporate strategy. "By understanding how applications, both web and mobile, handle sensitive data and how they authenticate via best practices in development and operations, you can understand the context of data in use, and prove everything is being done to protect the data."

For breaches that could originate in web applications, DAST products can identify web application security risks and let users rank each asset by the personal data it touches, so that findings affecting privacy-sensitive applications are prioritized and fixed before they become a privacy breach. To address training requirements, companies can use eLearning to teach developers how to code securely and to raise general security awareness.

Cloud 66, which provides operations tools for building and running containerized applications, is promoting a holistic view of secure and compliant operations. Its tools give developers an opinionated operational baseline while letting experienced users take as much control as they need.

"We believe compliance with GDPR criteria should include important operational details like alternate deployment models, fine-grained user access control, advanced secrets management, vulnerability minimization and scanning, ease-of-use with private registries, and various security tools," said Khash Sajadi, Cloud 66 CEO and founder.

Ensuring that personal data can be identified and retrieved on demand is a dominant theme for companies on the path to GDPR compliance, and it should drive additional investment in long-term data protection strategies. A business managing large data sets, for example, might prioritize data infrastructure automation software that can tag personal data across its systems so that access requests can be answered quickly.

"Automation software can be used to automatically tag data, ensuring data is identifiable, auditable and quickly retrievable if an organization should receive a GDPR-related request for access," said Neil Barton, CTO of WhereScape. "To protect their organizations and the customers they serve, companies must proactively invest in the data protection strategies and technologies needed to avoid the pitfalls, and corresponding penalty fines, associated with the GDPR."   

Many in the industry believe GDPR presents an opportunity to build more stable environments.

"With the challenge of quickly and accurately identifying and finding personal data, organizations with large datasets should embrace an information-driven approach that processes all relevant content and data across the enterprise intelligently and securely into information that is contextual to the task at hand and aligned with each user's goals," said Scott Parker, director of Sinequa product marketing.  "By extracting relevant information from enterprise data and using it for better decision making, organizations will be able to achieve superior customer service and operational efficiency, while at the same time complying with GDPR regulations."

Published Wednesday, May 23, 2018 7:13 AM by David Marshall