Partner Perspectives  Connecting marketers to our tech communities.
SPONSORED BY
2/14/2018
09:00 AM
Simon Eappariello
Simon Eappariello
Partner Perspectives
50%
50%

The GDPR Clock Is Running Out. Now What?

Many organizations impacted by new European Union data privacy rules that go into effect May 25 are still blind to some of the basics.

On May 25, the European Union’s General Data Protection Regulation (GDPR) goes into effect. The transformative new law is expected to have a profound impact on how businesses the world over collect, manage, and defend their data. But while companies have had more than two years to prepare for the ground-breaking legislation – passed in late 2015 – many organizations that will be impacted most by the new rules are still blind to some of the basics.

For starters, despite being drafted and enforced by the European Commission, the GDPR represents the first global mandate on data protection. That's because in the age of big data and widespread connectivity, almost every business today is global in scope and data-driven to some extent. Consequently, there are few companies that won’t need to adjust their policies over the next few months.

Better Late than Never

Where to begin? Bearing in mind that almost all businesses will be touched by the legislation, security teams the world over can start with this three-pronged approach:

Step 1: Assess and audit your data posture
Incremental changes to an existing operational structure can be costlier than reevaluating your approach to data collection and storage from the top-down. Businesses should know where and how they are storing data, if it is encrypted, and if the encryption keys are stored appropriately. Businesses should do this now while they still have time rather than making “knee-jerk” changes once GDPR is active.

If your company isn't already implementing audit trails to keep track of where the larger business stands on compliance, this should be your first step. Audit trails assure that no one is resting on their laurels by giving teams necessary “checks-and-balances” in the lead up to the May deadline. These records can be used to hold individuals across the organization accountable, and to assure that they are meeting deadlines by creating a paper trail of activity. IT can reference these trails incrementally in the weeks leading up to the GDPR deadline to get a pulse-check on the overall status of the transition.

Step 2: Re-evaluate systems and technology
Many existing information security systems will need to be restructured or reconsidered to comply with the new GDPR  standard. Organizations that rely solely on next-generation firewalls, for instance, won’t be putting enough protections around user data to adequately block theft on the way out. Even proprietary encryption techniques designed by an organization’s IT team may not be as robust as the latest industry standards once compliance becomes an issue. Businesses should look to source technologies built for modern distributed mobile environments, where data can be stored and accessed in a multitude of ways. Solutions that find, encrypt and/or anonymize PII data could become crucial for limiting GDPR fines after a data breach.

Reporting and monitoring of traffic and the exchange of data should also be automated, and easy-to-access – not to mention easy-to-use – since staff at various levels of the corporate totem pole with varied technical expertise will be accessing this information to assure GDPR.

Step 3: Align business goals across the organization
Data collection and storage policies need to be transparent across the business to assure that proper checks and balances are in place. Historically, this knowledge only tends to fall on IT and security administrators, but given the high-stakes of noncompliance with GDPR, the burden needs to fall on all employees across the organization. GDPR gives businesses the opportunity to replace legacy processes that had presented communication challenges in the past. Since adhering to GDPR requires buy-in across the organization, issues that were once relegated to dark corners of the company should be top-of-mind throughout.

Hopefully, bearing these approaches in mind and viewing GDPR as an opportunity – not a burden – will set organizations for success as the May 25th deadline for compliance approaches.

Simon Eappariello is the senior vice president of product and engineering, EMIA at iboss. He has a long history working in cybersecurity, networking, and information technology for global organizations in both the private and public sectors. Simon heads up iboss engineering ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
White Hat to Black Hat: What Motivates the Switch to Cybercrime
Kelly Sheridan, Staff Editor, Dark Reading,  8/8/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
iboss has created the first and only web gateway as a service specifically designed to solve the challenge of securing distributed organizations. Built for the cloud, the iboss Distributed Gateway Platform leverages an elastic, cloud-based node architecture that provides advanced security for todays decentralized organizations with more financial predictability. Backed by more than 110 patents and patents pending, and protecting over 4,000 organizations worldwide, iboss is one of the fastest growing cybersecurity companies in the world. To learn more, visit www.iboss.com.
Featured Writers
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-13106
PUBLISHED: 2018-08-15
Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, Efficient, 5.0.3, 2017-09-19, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13107
PUBLISHED: 2018-08-15
Live.me - live stream video chat, 3.7.20, 2017-11-06, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13108
PUBLISHED: 2018-08-15
DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13100
PUBLISHED: 2018-08-15
DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13101
PUBLISHED: 2018-08-15
Musical.ly Inc., musical.ly - your video social network, 6.1.6, 2017-10-03, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.