The document discusses strategies for complying with the EU's General Data Protection Regulation (GDPR). It outlines five critical strategies: 1) Know all personal data stored, 2) Carefully manage access to personal data, 3) Encrypt as much data as possible, 4) Monitor changes affecting sensitive data and prevent critical changes, and 5) Investigate potential breaches. It also discusses how the software company Quest can help customers strengthen data protection, ensure compliance, and avoid fines through solutions that secure and manage data, modernize infrastructure, and provide insights.
2. Topic relevance
The GDPR requires organizations — both “data controllers” and “data
processors” — to strengthen their data protection and security measures to
protect the personally identifiable information (PII) of EU citizens, and to
demonstrate their compliance at any time. More specifically, organizations
must ensure the following:
• Only people who should have access to sensitive data actually have access.
• Reasonable measures are in place to protect the data from unauthorized access.
• There is accountability of who is accessing the data.
• The organization has an accurate understanding of the scope of any data breach in a timely manner.
If you offer products or services to EU citizens, have EU citizens as employees or even accept job applications from EU citizens, you are almost certainly subject to the new GDPR legislation.
3. Critical strategies for compliance
#1 Know all about the personal data you store
#2 Carefully manage access to personal data
#3 Encrypt as much data as possible
#4 Monitor changes that could affect sensitive data, and prevent the most critical changes
#5 Investigate potential breaches
Quick Fact:
Insider threats represent up to 60% of all attacks. How quickly can you spot an
insider abusing their privileges or an attacker using compromised credentials?
4. How Quest can help
Quest solutions can help make it easier to ensure that your
customers' on-premises, cloud or hybrid environment meets
GDPR compliance requirements. Your customers can start
preparing for GDPR now by improving their security posture
and strengthening data protection safeguards across the
entire environment. Doing so can help them achieve and
maintain GDPR compliance and avoid costly fines and
reputation damage.
5. Why Quest
Quest customers gain a competitive edge through better use of their IT resources.
By automating the mundane, IT teams can redesign their work, helping their firm:
• Secure and manage data BETTER
• Modernize infrastructure FASTER
• All network devices CONTROLLED
• Turn data into insights QUICKER
• Connect to the cloud EASIER
6. Who We Are
Quest is a global software provider trusted by 100,000 customers and 6,000 partners in 100 countries.
We help IT organizations spend less time on administration and more time on innovation.
• 90% of Fortune 100 using our software
• 1,500 engineers building quality products
• 4M community members sharing best practices
• 3,500 employees focused on customers
• 6,000 partners selling our software
7. Compliance Roadmap
Prepare | Manage | Protect & Secure | Authorization | Review
• Data Protection Impact Assessment
• Define the way data is collected and managed
• Protect all data
• Data Protection Officer
• Obtain prior Authorization from the Supervisory Authority
• Data Protection Compliance Review
8. #1: Data Protection Impact Assessment
According to a 2016 Ponemon Report, only 12% of IT and security staff know the risk of their structured data
• You need to have a global visibility of sensitive data
• Make sure you are only managing data that you actually need or are lawful to process
• Understand data proliferation
9. 5 IT auditing & compliance mistakes organizations make
1) Lack of visibility into who is doing what in Windows environments.
2) Underestimating user & organizational impact.
3) Inconsistent or absence of a GRC strategy.
4) Inadequate data protection.
5) Failure to plan and manage external and internal audits.
10. What if you could…
1) With one view answer: who has access, how was it obtained, and how was it used – all in real time?
2) Complete investigations with full-text search of critical IT data and its relation to users and events?
3) Report on user activity for internal investigations and compliance?
4) Be alerted on violations, malicious activity and suspicious trends as they happen?
5) Automate and secure collection of log data from disparate platforms without needing expertise?
6) Save expensive storage space and maintain compliance by storing event logs in a compressed format?
7) Troubleshoot and pinpoint problems should an incident occur for operational visibility?
8) Improve insight and communication across teams with flexible reporting?
9) Eliminate information security silos with integration for SIEM solutions?
10) Leverage auditing solutions already in place?
12. Translating cryptic knowledge into business insight
USERS
DATA
APPLICATIONS
IT Engineer
PEOPLE
INFORMATION
PROCESSES
13. And enabling management to take the right decisions
PEOPLE
INFORMATION
PROCESSES
Business Manager
14. #2: Define the way data is collected and managed
Embrace privacy by design principles
• Proactive not reactive; Preventative not remedial
• Privacy as the default setting
• Privacy embedded into design
• Full functionality – positive-sum, not zero-sum
• End-to-end security – full lifecycle protection
• Visibility and transparency – keep it open
• Respect for user privacy – keep it user-centric
18. #3: Protect all data
Implement data security requirements
• ensure the ongoing confidentiality, integrity, availability and resilience of systems and services processing personal data
• take preventive, corrective and mitigating action in near real time against vulnerabilities
• regularly test, assess and evaluate the effectiveness of security policies
Implement backup and data recovery policies
• Create a backup policy that clearly identifies roles, responsibilities, schedule, location, formats
• Define the differences between backups and archiving data
• Include archiving in addition to processes such as data rescue, data reformatting, data conversion, metadata
Designate a data protection officer
19. Data Protection is about INFORMATION
#1 Backup and Replication
#2 Information Security
20. Foundational Backup & Recovery
Cross-Platform Backup & Recovery
Simple yet scalable backup and recovery for mixed environments
Replication & Disaster Recovery
Solutions for site, server, and application disaster recovery
Continuous Data Protection
Real-time backup and instant recovery for mission-critical
applications
Data Deduplication
Byte-level, variable-block-size deduplication to reduce the
backup storage footprint by up to 90%
Virtual Protection
VMware & Hyper-V backup, replication, and recovery
22. Endpoint Management: END-TO-END ELM
Inventory & Asset Management
Service Desk
Systems Deployment
Software Distribution
Patch & Security Management
23. Privileged Account Management
• Hardened Appliance
• Full AES disk encryption
• FIPS 140-2 & ISO 27001
• Embedded hardware firewall
• Purpose built for security
• No direct access of any kind
• Syslog integration
• Highly available architecture
• Scalable clustering
• Small 1U footprint
• Hardware redundancy
• Agentless architecture
• RESTful API
• Secure audit backup
ONE IDENTITY SAFEGUARD
FOR PRIVILEGED PASSWORDS AND SESSIONS
24. #4: Obtain prior Authorization from the Supervisory Authority
• Comply with the requirements for prior authorization or prior consultation of the supervisory authority in order to ensure the compliance of the processing with EU GDPR
• Set procedures in place for contacting the supervisory authority on issues related to the processing and consulting with the supervisory authority (Data Protection Officer)
26. Four Fundamental Concepts
• Access Governance: Improve visibility into who has access to business critical information, automate provisioning and enforce access controls.
• Privileged Account Management: Centrally manage privileged accounts and provide granular control of administrator access.
• Identity Administration: Simplify the environment and user experience with centralized account management.
• User Activity Monitoring: Audit what the users are doing with the access they have been granted.
28. #5: Data Protection Compliance Review
Implement compliance policies
which shall be reviewed at least every two years and updated where necessary (compliance review shall be carried
out at least once every two years)
Where the compliance review results show compliance inconsistencies, the review shall include recommendations
on how to achieve full compliance
31. Quest Software: International leadership
• 1M customers
• 90% of Global 1000 are Quest Software customers
• 4M community members
• 6,000 team members
• $2B software revenue
• 1,600 software engineers
• 2,500 software sales
• NSS Labs: Highest overall protection, Next-Gen Firewall
• EMA Radar Report: Value Leader for Boomi Cloud Integration
• Gartner: 9 Magic Quadrants
Thank you for your time today. As I will demonstrate, I believe your time is critical to you and your organization. I’d like to introduce you to our organization, talk about how we help thousands of customers like you, and learn more about how we can help you with your specific challenges.
Most organizations have three major questions about the GDPR:
• Is my organization subject to the GDPR?
• What does the GDPR mean for my organization?
• Is this an urgent issue?
Key GDPR provisions:
• Protection of personal data: right to be forgotten, data protection by design and by default, data portability
• Continuous compliance and audit
• Mandatory breach notifications
To achieve GDPR compliance, you need to gain a clear understanding of the scope of the sensitive data your organization handles, and implement proper processes to protect that data.
Organizations are required to demonstrate GDPR compliance not just monthly or annually, but whenever an auditor asks.
Without the right tools, achieving and maintaining GDPR compliance for heterogeneous environments is extremely time-consuming and costly, and diverts resources away from improving operational efficiency, meeting SLAs and innovating the business.
In IT, you’re always under tight deadlines because time is your most valuable asset. This is where Quest can help.
We tackle one of the biggest challenges IT admins face daily: having to use static management tools, left over from a previous era, to administer their highly virtualized infrastructure and cloud-connected applications. This technical inflexibility sucks time from IT teams that would be better spent working on innovation to unlock new sources of company revenue.
Our customers gain a competitive edge through better use of their IT resources. By automating the mundane, IT teams can redesign their work, helping firms
turn data into insights quicker,
modernize infrastructure faster,
connect to the cloud easier,
secure data better and
get control of every device that touches their network.
We have a history of getting these results. [ NEXT SLIDE]
Based on decades of experience with 100,000 customers in 100 countries, we help you spend less time on administration and more time on innovation.
Our solutions automate and simplify the work being done at more than 100,000 organizations worldwide.
We help firms get where they need to go sensibly with solutions that use a combination of on-premise, hybrid and cloud-based technology to improve the effectiveness of all their major workloads including Microsoft, Oracle and SAP.
Which one of these is most troubling to your business?
Everyone should understand that for organizations to be successful on a competitive market, it’s not about the technology but about enterprise collaboration and about creating the culture to allow and drive the RIGHT people to do the RIGHT job by using the RIGHT tools
The right technology, in the right situation can go a long way towards enabling teams and people to manage business processes and by that, collaborate for the common goal of maximizing business productivity
IT-enabled enterprises are organizations where IT is given the RIGHT purpose of putting technology in the hands of the business. This is done by reaching a level of cultural conscience that enables the organization to adopt those scalable, integrated and enterprise-designed solutions that are built from scratch with the single purpose in mind of being used by non-IT people and providing value to managers
Market research shows that in IT-enabled enterprises, IT value counts as much as 20% of the whole business, because this is business that is adaptive, flexible, responsive to changes and has business processes that are clearly defined and rightfully managed by the right people.
And by that, relieving IT of the load of managing people, information and processes and putting them in the RIGHT position of adding IT value to the organization.
An IT-enabled enterprise provides much higher ROI and has a greater TCO than a traditional one.
For IT personnel, Information Management is about implementing and maintaining APPLICATIONS that will be used by non-IT PEOPLE in order to manage PROCESSES that transform DATA into INFORMATION… in other words, it’s about APPLICATION PERFORMANCE and DATA MANAGEMENT
There are two major areas of interest:
#1 Application Performance Management
#2 Big Data Analytics and Business Intelligence
TRANSFORM – INTEGRATE - DEVELOP
Toad - The best known family of tools dedicated to database development & administration, but also to BI, with roots going back to the 90’s!
Quest enables self-service business intelligence, which means easy and secure access to structured and unstructured data from nearly any source, within a collaborative analysis environment that streamlines data sharing between IT and business, through intuitive interfaces and leading visualization capabilities that enable business and technical users to easily discover new insight.
Going back to Development, Toad is the world’s #1 name for DBAs everywhere. Dell guarantees application success through improved code quality, performance and maintainability and gives you access to a community of 3 mil. users
Data Protection covers two major areas:
#1 – Ensuring information exists and is always actual within systems and applications, which is done via data backup and replication
In other words, data backup and replication technologies ensure that PEOPLE will always be able to use and exchange most recent corporate INFORMATION in their day-to-day job activities
#2 - Ensuring information is safe and secure
In other words, access control technologies ensure that INFORMATION will be accessed, changed and shared only by the RIGHT people, at the RIGHT time and by using the RIGHT tools so that corporate intellectual property is safe from theft or loss, and the information management tools used are working without downtime
Dell backup and recovery solutions range from scalable software designed for almost any platform, to CDP & deduplication appliances as well as database & application specific data protection. Dell solutions cut backup windows from hours to minutes – and recovering data takes only seconds.
Only Dell allows your customers to back up physical and virtual machines with either agent-based or agentless backup, giving them the best of both worlds. Plus, our broad portfolio lets IT choose the speed at which they recover data to meet business-driven SLAs, as well as choose the levels of protection based on how vital data and applications are to the business.
Note to presenter:
Comprehensive data protection software: NetVault Backup
CDP solutions: AppAssure
Deduplication appliances: DR4000 \ DR6000
Application Specific: Recovery Manager for AD / Exchange / SharePoint, vRanger
Database Specific: LiteSpeed for SQL Server
Dell is the only player on the market that provides high-speed replication for both physical and virtual environments and at any layer: infrastructure, database and application. Your customer will be able to achieve high availability, offload operational reporting to a cost-effective secondary system and integrate existing data stores by copying only changed data to VMware, Hyper-V, Windows and Linux, File Systems, Exchange, Oracle, Hadoop, SQL Server, IBM DB2 and other platforms. Our solutions also simplify and accelerate backup and recovery while dramatically reducing storage costs.
Note to presenter: we are discussing Shareplex, AppAssure, vRanger
Also, we’d like to mention here that Dell Compellent is the only solution on the market that leverages thin remote replication at block level. Thin replication transfers only blocks of data that have changed and does not require pre-allocation, consuming less space and helping to lower bandwidth costs.
Identity and Access Management is about creating, maintaining and mapping user accounts for the PEOPLE that will access corporate SYSTEMS and APPLICATIONS
And also to control and make sure each PERSON has the RIGHT access to do the RIGHT job by using the RIGHT tools, nothing more and nothing less
Identity Management is a broad administrative area that deals with identifying individuals in a system (such as a country, a network, or an organization) and controlling access to the resources in that system by placing restrictions on the established identities of the individuals
All of the "A"s assume there is an identity established for each user. This identity or account resides somewhere (typically in a directory) so it can be authenticated, authorized, managed and audited. And typically the directory is tied specifically and exclusively to the application or system that controls user access. If all this is done correctly, the four "A"s are easily satisfied.
All systems include these requirements for authentication, authorization, administration and audit.
Dell Software gives you 30 years of experience in Information Management, Identity Management and Data Protection. This continuous effort enabled us to position the company as an international leader with over 1 mil. customers, 90% of the Global 1000 being among them