[BreachExchange] Network visibility and assurance for GDPR compliance

Audrey McNeil audrey at riskbasedsecurity.com
Wed Jul 18 19:10:36 EDT 2018


https://www.networkworld.com/article/3290429/lan-wan/network-visibility-and-assurance-for-gdpr-compliance.html

The EU General Data Protection Regulation, or GDPR, came into force on May
25. With every organization with customers and suppliers in the European
Union now accountable for the way in which they handle or process personal
data, much work has been done to ensure compliance by the deadline. As a
result, all levels of a business are now concentrated on meeting the
requirements of the new regulation, throwing the issue of data protection
into focus like never before.

When you consider how big and complex IT networks have become in recent
times, however, it has become almost impossible to detect just when and how
a security breach or network failure might occur. Unsurprisingly, network
security and information assurance are crucial to GDPR compliance, with the
regulation stating that measures must be put in place to mitigate the risk
associated with assuring information integrity and availability in the face
of threats such as malicious code or distributed denial of service (DDoS)
attacks.

It is therefore essential that businesses worldwide have complete
visibility of their IT networks, not only to protect their customers’
personal information (and thereby their own brand reputation), but also to
assure uninterrupted service delivery and, of course, compliance with the
new legislation.

In addition to calling for the “pseudonymisation and encryption” of the
personal data they handle, Article 32 of the GDPR also states that
companies must “ensure the ongoing confidentiality, integrity, availability
and resilience of processing systems and services” and be able to “restore
the availability and access to personal data in a timely manner in the
event of a physical or technical incident”.

Given the size of the penalties for non-compliance, it’s more important
than ever that organizations take steps to minimise the risk of network
downtime, or else they could find themselves on the wrong side of the
regulations.

Since the information protected by GDPR and other similar regulations
traverses the network in the connected world, the availability, reliability
and responsiveness of that network need to be assured. This isn’t only
important for GDPR and compliance in general, though; it should be a top
priority for any business today.

From banks to retailers, and manufacturers to utility providers,
organizations across every industry are now reliant on consistent,
always-on connections to their customers, partners and suppliers. If this
connectivity were removed, business could grind to a halt. Indeed, the
future of any company today depends on the resilience and availability of
its IT and communications networks.

Network visibility for service assurance

Regulations such as the GDPR, PCI-DSS and HIPAA define the types of
personal data that may be collected and recorded by a business, such as
personal email addresses, phone numbers, IP addresses, credit card
information and health records, as well as where that data can be sent and
how it should be secured and assured.

Since GDPR also restricts cross-border data transfers, it’s important that
networking teams understand the country of origin of any particular data,
and how that data will traverse the organization’s networks, remaining
mindful of which paths it will take and where it will be stored.

To assure and keep track of this information, therefore, businesses will
require full visibility across their entire network, including in the data
centers and, now more than ever, the cloud. This holistic visibility
across the entire service delivery infrastructure, from the wireless Edge
to the Core to the datacenter and into the Cloud, can be achieved by
continuous end-to-end monitoring and analysis of the traffic data, or
“wire-data”, flowing over the network.

With GDPR compliance, and Article 32, not to mention much of modern
business activity, reliant on the availability of effective, resilient and
secure infrastructure, it’s important that the right approach is taken to
service assurance. Analysis of this wire-data in real-time will enable IT
teams to generate smart data which can provide the end-to-end service-level
visibility and actionable insights they need to deliver this assurance.

Avoiding potential penalties

Under the GDPR, any organization that processes the personal data of EU
citizens, including the tracking of their online activities, is now within
the scope of the law, regardless of whether or not that organization is
located in the EU itself. Many column inches have already been dedicated to
the fact that any company found to have neglected its duty in protecting
the privacy of that data may be liable to a potentially eye-watering fine
of up to €20 million or four percent of its annual turnover, whichever is
higher. While the privacy and protection of personal data have always been
important considerations for a business, the prospect of penalties such as
this means there is more at stake now than ever before.

However, with robust protection measures in place, and with the assurance
of complete network visibility and availability, businesses across the
world can be more confident that the reliability of their networks is a
check on the GDPR compliance list.