The new EU General Data Protection Regulation (GDPR)
What these tough new laws mean for your business and its cloud services
EVERYCLOUD
Strict new data laws: time for action

Designed to modernise and strengthen data protection laws originally drawn up before mass Internet adoption, the European Union’s General Data Protection Regulation (GDPR) is on its way. The new framework tightens up data protection for individuals inside the EU and also covers the export of personal data outside it. The Regulation comes into force this summer, and EU member states then have two years to implement GDPR, which features strict new rules and punitive measures. UK organisations need to start planning, especially as so much sensitive employee and customer data is now stored or processed in the cloud.
‘Europe’s biggest data protection shake-up for 20 years’

With a significant percentage of businesses that use cloud services reporting losing data – industry analysts Aberdeen Group have indicated that this could be as high as 32% of companies [1] – and the threat of cyber attacks continuing to grow, the GDPR places new and more onerous responsibilities on organisations. For example, data breaches must be reported within 72 hours. All privacy policies, procedures and documentation have to be robust and current at all times, with the relevant data protection authorities able to request them at any time. Organisations of a certain size will require a Data Protection Officer, a role many do not currently have. Organisations will need to keep an accurate and up-to-date information asset register, maintain demonstrably strong technical and procedural controls over all data, and manage privacy policies on an ongoing basis that not only inform employees, users and customers how personal and confidential data will be stored and processed but also have their consent. GDPR legislation will apply to any company that handles European Union citizens’ data, even if that company is not actually based in the EU.

One of the biggest changes is the significant increase in financial penalties resulting from a failure to comply: up to four percent of global turnover or €20 million (£15.9m), whichever is the greater. This, in itself, should be a catalyst to take action now. At the simplest level, this means asking questions such as: Is two years long enough for our organisation to plan, take action and fully comply? What exactly are the implications for the cloud services we currently use? And – perhaps most importantly – how can I close the gaps in my data protection strategy as it relates to our cloud security, data usage and identity access arrangements?
Plan to protect: data protection gets serious

Welcomed by the European Council as “a major step forward in the implementation of the Digital Single Market Strategy”, the implications of the complex GDPR framework for UK organisations are serious. BBC News has described the GDPR as “the biggest shake-up of data protection laws for 20 years” with the stated aim “to give citizens back control of their personal data as well as simplifying the regulatory environment”. [2] Four years in the making, in December 2015 the EU Commission, Parliament and Council of Ministers agreed the GDPR after months of negotiations. The rules come into force in 2016, with EU member states given two years to comply.

So what are the potential impacts, and what should you be doing? First, companies with more than 250 employees will need to employ a Data Protection Officer. In terms of urgency, the UK’s Computer Weekly has reported that while organisations may feel they have “plenty of time to get ready, the clock is ticking and it’s later than you think.” [3]

[Infographic: 32% of companies report losing data]

[1] Aberdeen Group research, “SaaS Data Loss: The Problem You Didn’t Know You Had”
[2] BBC News, “What does shake-up of EU data laws really mean?” – Jane Wakefield, 14th April 2016 – http://www.bbc.co.uk/news/technology-36037324
[3] Computer Weekly, “Do not delay, EU data protection changes on the way” – http://www.computerweekly.com/feature/Do-not-delay-EU-data-protection-changes-on-the-way
A compelling case for change

With the GDPR requiring that all privacy policies, procedures and documentation are robust and up to date, the implications for every function involved in data handling are enormous. Decisions on where you store personal data covering customers and employees, for how long, and where and how you process that data, are assuming far greater strategic importance to the enterprise. As more and more companies depend on an increasing number of cloud apps and services to support their operations, the Cloud Security Alliance, “the world’s leading organisation dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment” [4], says “From a cloud computing point of view, these changes are long overdue and will lubricate the roll-out of utility-based computing in the EU.” [5]

At least three issues are converging here:
1. Increased cloud adoption
2. A far stricter regulatory environment
3. A continuously evolving threat landscape

This is as much about trust as it is compliance. A recent Intel survey reported that 72% of companies cited “compliance” as their biggest concern around cloud adoption [6], with the CTO of Intel Security EMEA commenting: “As we enter a phase of wide-scale adoption of cloud computing to support critical applications and services, the question of trust within the cloud becomes imperative… The key to secure cloud adoption is ensuring sufficient security controls are integrated from the start so the business can maintain their trust in the cloud”. [7] There is clearly a growing awareness of the potentially serious consequences of a data breach and the value of those “sufficient security controls” being integrated fast – requirements underlined by the demands of the GDPR.

[4] Cloud Security Alliance – https://cloudsecurityalliance.org/about/
[5] Computer Weekly, “Do not delay, EU data protection changes on the way” – http://www.computerweekly.com/feature/Do-not-delay-EU-data-protection-changes-on-the-way
[6] Blue Skies Ahead? The State of Cloud Adoption – Intel report, 2016
[7] Business Cloud News, “Only 13% trust public cloud with sensitive data – Intel survey”, 14th April 2016 – http://www.businesscloudnews.com/2016/04/14/only-13-trust-public-cloud-with-sensitive-data-intel-survey
‘A modern and harmonised data protection framework across the EU’

“The European Commission put forward its EU Data Protection Reform in January 2012 to make Europe fit for the digital age. More than 90% of Europeans say they want the same data protection rights across the EU – and regardless of where their data is processed. The Regulation is an essential step to strengthen citizens’ fundamental rights in the digital age and facilitate business by simplifying rules for companies in the Digital Single Market. A single law will also do away with the current fragmentation and costly administrative burdens, leading to savings for businesses of around €2.3 billion a year.

The Directive for the police and criminal justice sector protects citizens’ fundamental right to data protection whenever personal data is used by criminal law enforcement authorities. It will in particular ensure that the personal data of victims, witnesses, and suspects of crime are duly protected and will facilitate cross-border cooperation in the fight against crime and terrorism.”

The official texts of the Regulation and the Directive were published in the EU Official Journal in all official languages on 4th May 2016. While the Regulation came into force on 24th May 2016, it will apply from 25th May 2018. The Directive entered into force on 5th May 2016, and EU Member States have until 6th May 2018 to transpose it into their national law.

Source: European Commission > Justice > Data protection > reform – http://ec.europa.eu/justice/data-protection/reform/index_en.htm

[Infographic: 90% of Europeans want the same data protection rights across the EU]
‘Discover yourself’

‘A lack of understanding’ when it comes to cloud services

The GDPR is providing many organisations with added impetus to prioritise what many call cyber security and what is increasingly termed cloud security and identity access. At the end of 2015, CNBC reported that around half-a-million attack attempts were happening in cyberspace every minute. [8] Another report in late 2015 had found that 25% of organisations had experienced a cyber attack in the previous 12 months, and the majority of respondents – 51% – were concerned about “a loss of control over their data when using public cloud services and applications”. [9] The threat of data loss is real.

So, when it comes to the GDPR, have you made any plans yet? Do you already have a budget and/or dedicated resources earmarked for GDPR compliance, not least as it relates to protecting the employee and customer data that you store, process or share using cloud services? If you do, you may be in the minority – and in any case, this is an extremely complex and constantly changing area.

“Enterprise goals for security and regulatory compliance are some of the more difficult enterprise requirement areas complicating the selection of cloud services,” say industry analysts Gartner, Inc. – adding that although many cloud applications may have a similar look and feel, “they differ significantly in ways that affect risk, and their risk considerations may change over time. Furthermore, for most cloud service categories, dozens of options are available to organizations. Enterprises need to continue to understand and verify the compliance and security posture of this cloud service.” [10]

Elsewhere in the same report on cloud access and security, Gartner comments: “Many enterprises lack a complete understanding of the cloud services they consume and the risks they represent, which makes compliance and protection difficult... Even when cloud services are known, most enterprises struggle to consistently verify compliance or the secure handling of sensitive data within and across these disparate services. Enterprises have no standardised way to detect whether (and when) compromised credentials or unmanaged devices are used to access cloud services.” [11] This type of situation cannot persist under the GDPR.

While some organisations may already have an in-house Data Protection Officer or Information Security Officer, many more do not. Do you currently maintain an accurate and up-to-date information asset register, and are you confident that you have strong technical and procedural controls over all of the data you store or process? Your cloud security and identity access policies must not only be strong enough to have an impact, they will also need to be monitored, enforced and refreshed on an ongoing basis. And remember, if a data breach occurs, you will not only have to notify relevant data protection authorities within 72 hours: if the leaked data is likely to impact on the rights of the individuals involved, you must also notify them.

[Infographic: 25% of organisations have experienced a cyber attack]

[8] CNBC, “Biggest cybersecurity threats in 2016”, 28th December 2015 – http://www.cnbc.com/2015/12/28/biggest-cybersecurity-threats-in-2016.html
[9] Sixth annual Databarracks Data Health Check Report, 2015
[10] Gartner Report: How to Evaluate and Operate a Cloud Access Security Broker, 08 December 2015 | ID: G00292468, Analyst(s): Neil MacDonald, Craig Lawson
[11] Ibid.
Towards GDPR compliance: first steps

With so much to take on board, the GDPR can seem a little overwhelming – not least because data protection and cloud security are almost certainly not your core business and nor should they be, even though they are assuming far greater strategic importance to the business. In the majority of cases, GDPR compliance will be enabled by drawing on knowledge, expertise and solutions from specialist CASB (cloud access security broker) companies such as EveryCloud.

The first step is discovery: to better understand the risks you face in terms of the data you hold or process, and any data loss prevention (DLP) issues that might conceivably lead to a lack of compliance now or regulatory infringements later; to reveal key obstacles to compliance and to rapidly identify ways to resolve or remove them. A valuable first step on the road to GDPR compliance is asking six simple questions about your business; you may be surprised by the answers.

- Where do our cloud apps process and store data?
- Do our apps adequately protect data from loss, alteration and unauthorised processing?
- Have we executed a data processing agreement with the cloud apps that we use?
- Do our apps collect only “necessary” data – and limit processing of “special” data?
- Do our cloud vendors forbid use of personal data for other purposes, such as third party sharing?
- Can we erase the data when we stop using an app?
Inactivity is not an option.

With cloud security provider CloudLock reporting that shadow IT applications create a ‘perfect’ group of three risks: “data loss through unauthorised channels, injecting malware to the environment and compromising users’ identity”, Gartner, Inc. has also made a Strategic Planning Assumption that “by 2020, 85% of large enterprises will use a cloud access security broker solution for their cloud services, which is up from fewer than 5% in 2015.” [12]

Action is being taken now, and the scale of the challenge in data protection will only increase: in terms of the connected Internet of Things (IoT), Gartner has predicted there will be 6.8 billion connected devices in use in 2016, a 30% increase compared to 2015. By 2020, Gartner says, that number will have risen to more than 20 billion connected devices. During 2016, “5.5 million new things will get connected every day”. [13]

“By 2020, 85% of large enterprises will use a cloud access security broker solution”

[Infographic: 6.8 billion connected devices in use in 2016]

[12] Gartner Report: How to Evaluate and Operate a Cloud Access Security Broker, 08 December 2015 | ID: G00292468, Analyst(s): Neil MacDonald, Craig Lawson
[13] Gartner Says 6.4 Billion Connected “Things” Will Be in Use in 2016, Up 30 Percent From 2015, 10 November 2015 – http://www.gartner.com/newsroom/id/3165317

Driving GDPR compliance: the EveryCloud approach
The optimum approach to cloud security and identity access security, in pursuit of GDPR compliance, should align with the demands of your business, the security risks you face, and the real-life needs and behaviours of your user community. The EveryCloud approach is based on four key elements, aligned with but also extending “the four pillars of cloud access security” as defined by Gartner: Visibility, Compliance, Data Security and Threat Protection. [14] With more than 100,000 apps already discovered and the number rising steeply, the process starts with gaining an understanding of how your app infrastructure holds together and where the vulnerabilities are hiding.

Discover
It is crucially important to understand the true costs and risks you face, which means identifying the unsanctioned and shadow IT that might compromise your security, result in data breaches and lead to GDPR penalties. Activity can include a comprehensive Cloud Audit, Security Assessment and Cloud Expense Management exercise, taking an in-depth look at the apps and cloud services you use, analysing traffic patterns, examining how your people access the cloud, while also locating sensitive and at-risk data, and understanding the imminent and longer term threats.

Aware
Improved understanding should inform the development of the most appropriate access, identity, data usage and security policies, and also the education of employees on the threats, raising awareness and changing behaviour if necessary. The business has to be fully aware of where its cloud apps actually process and store data, and whether those apps provide the appropriate protections for personal user/customer data against unauthorised access, loss and alteration. The right policies can include firewall, email and data loss prevention (DLP) strategies, to manage, restrict or deny access, and revoke sharing as needed – while avoiding any negative business impacts.

Comply
Policing and enforcement are crucial to protect your organisation and its data, avoiding regulatory intervention, costly fines and reputational damage. You need to make a full commitment to monitoring and managing all cloud apps and services, including file content monitoring to locate and report on all regulated data including financial and customer personal data, to ensure compliance in data protection. This includes GDPR compliance, PCI and credit card security.

Certify
So long as the threat landscape continues to change and new regulations come into force, an all-encompassing cyber security and data loss prevention (DLP) strategy will remain critical. A planned programme of review and recommendations drives the regular scrutiny and refresh of policies and procedures, regardless of the data involved and for any app, cloud service or provider.

[14] Gartner Report: Mind the SaaS Security Gaps, 03 October 2014 | ID: G00263947, Analyst(s): Craig Lawson, Sid Deshpande
Conclusions

In light of the GDPR and other pressing requirements, enterprises want to be sure they are accessing and using essential cloud services – whatever services are required – in the safest ways, avoiding any data leakage and preventing unauthorised data access and sharing at all times. Of course, the price of failing to secure your data both in and out of the cloud can be significant: from data breaches that fall foul of the GDPR to loss of intellectual property assets, reputational damage and impacts on profits.

You can start your journey to GDPR compliance now, by asking the following questions:

- Do you currently have all the information you need to plan for the GDPR effectively – including the true breadth and extent of data storage and data processing services you access and use via the cloud, along with the true extent of unsanctioned and shadow IT in your organisation?
- Do you actually know what user/customer personal data you hold, where it is, and how secure it is?
- Have you already documented and do you enforce the most robust cloud security, identity access and data loss prevention (DLP) strategies and policies?
- Are there gaps in your data protection strategy right now – and do you know the fastest and most effective ways to close those gaps?

CALL 0800 470 1820  EMAIL discover@everycloud.co.uk  WEB everycloud.co.uk

Más contenido relacionado

La actualidad más candente

The non market issue of cloud computing hp - cloud security alliance
The non market issue of cloud computing   hp - cloud security allianceThe non market issue of cloud computing   hp - cloud security alliance
The non market issue of cloud computing hp - cloud security alliance
Sumaya Shakir
 
GDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your businessGDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your business
Mark Baker
 
delphix-wp-gdpr-for-data-masking
delphix-wp-gdpr-for-data-maskingdelphix-wp-gdpr-for-data-masking
delphix-wp-gdpr-for-data-masking
Jes Breslaw
 
CyberSecurityCompliance-Aug2016-V10 (002) final
CyberSecurityCompliance-Aug2016-V10 (002) finalCyberSecurityCompliance-Aug2016-V10 (002) final
CyberSecurityCompliance-Aug2016-V10 (002) final
RobertPike
 
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_finalData Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
Dr. Donald Macfarlane
 

La actualidad más candente (19)

Companies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next stepsCompanies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next steps
 
The non market issue of cloud computing hp - cloud security alliance
The non market issue of cloud computing   hp - cloud security allianceThe non market issue of cloud computing   hp - cloud security alliance
The non market issue of cloud computing hp - cloud security alliance
 
Legal Implications of a Cyber Attack
Legal Implications of a Cyber AttackLegal Implications of a Cyber Attack
Legal Implications of a Cyber Attack
 
The Evolution of Data Privacy: 3 things you didn’t know
The Evolution of Data Privacy: 3 things you didn’t knowThe Evolution of Data Privacy: 3 things you didn’t know
The Evolution of Data Privacy: 3 things you didn’t know
 
Cyber risk challenge and the role of insurance
Cyber risk challenge and the role of insuranceCyber risk challenge and the role of insurance
Cyber risk challenge and the role of insurance
 
Securing data in the cloud: A challenge for UK Law Firms
Securing data in the cloud: A challenge for UK Law FirmsSecuring data in the cloud: A challenge for UK Law Firms
Securing data in the cloud: A challenge for UK Law Firms
 
Privacy Year In Preview
Privacy Year In PreviewPrivacy Year In Preview
Privacy Year In Preview
 
Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1
 
GDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your businessGDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your business
 
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz..."Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
 
GDPR: how IT works
GDPR: how IT worksGDPR: how IT works
GDPR: how IT works
 
delphix-wp-gdpr-for-data-masking
delphix-wp-gdpr-for-data-maskingdelphix-wp-gdpr-for-data-masking
delphix-wp-gdpr-for-data-masking
 
INFOMAGAZINE 8 by REAL security
INFOMAGAZINE 8 by REAL securityINFOMAGAZINE 8 by REAL security
INFOMAGAZINE 8 by REAL security
 
CyberSecurityCompliance-Aug2016-V10 (002) final
CyberSecurityCompliance-Aug2016-V10 (002) finalCyberSecurityCompliance-Aug2016-V10 (002) final
CyberSecurityCompliance-Aug2016-V10 (002) final
 
iStart feature: Protect and serve how safe is your personal data?
iStart feature: Protect and serve how safe is your personal data?iStart feature: Protect and serve how safe is your personal data?
iStart feature: Protect and serve how safe is your personal data?
 
Frukostseminarium om molntjänster
Frukostseminarium om molntjänsterFrukostseminarium om molntjänster
Frukostseminarium om molntjänster
 
20140317eyinformationsupp
20140317eyinformationsupp20140317eyinformationsupp
20140317eyinformationsupp
 
Farm Data: Examining the Legal Issues
Farm Data: Examining the Legal Issues Farm Data: Examining the Legal Issues
Farm Data: Examining the Legal Issues
 
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_finalData Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
 

Destacado

kcw samples info
kcw samples infokcw samples info
kcw samples info
Kasey Wood
 
Emi-Rod PPT - INTRO_Sep16
Emi-Rod PPT - INTRO_Sep16Emi-Rod PPT - INTRO_Sep16
Emi-Rod PPT - INTRO_Sep16
Gil Volkovizki
 
Reduccion y oxidacion
Reduccion y oxidacionReduccion y oxidacion
Reduccion y oxidacion
Islandia Ruta
 

Destacado (13)

Ներսես Շնորհալի
Ներսես ՇնորհալիՆերսես Շնորհալի
Ներսես Շնորհալի
 
Grosseto 2016
Grosseto 2016Grosseto 2016
Grosseto 2016
 
kcw samples info
kcw samples infokcw samples info
kcw samples info
 
VIVEK KUMAR_CV2
VIVEK KUMAR_CV2VIVEK KUMAR_CV2
VIVEK KUMAR_CV2
 
What is-love
What is-loveWhat is-love
What is-love
 
Evaluation Question 3 - What have you learnt from your audience feedback
Evaluation Question 3 - What have you learnt from your audience feedbackEvaluation Question 3 - What have you learnt from your audience feedback
Evaluation Question 3 - What have you learnt from your audience feedback
 
WORK
WORKWORK
WORK
 
Wechsel von Oracle Cloud Control 12c zu 13c #DOAG2016
Wechsel von Oracle Cloud Control 12c zu 13c #DOAG2016Wechsel von Oracle Cloud Control 12c zu 13c #DOAG2016
Wechsel von Oracle Cloud Control 12c zu 13c #DOAG2016
 
Emi-Rod PPT - INTRO_Sep16
Emi-Rod PPT - INTRO_Sep16Emi-Rod PPT - INTRO_Sep16
Emi-Rod PPT - INTRO_Sep16
 
Reduccion y oxidacion
Reduccion y oxidacionReduccion y oxidacion
Reduccion y oxidacion
 
El pastel por Carmen María Belmonte
El pastel por Carmen María BelmonteEl pastel por Carmen María Belmonte
El pastel por Carmen María Belmonte
 
Vattenfall's year-end report 2015
Vattenfall's year-end report 2015Vattenfall's year-end report 2015
Vattenfall's year-end report 2015
 
Vattenfall's quarterly report January - March 2016
Vattenfall's quarterly report January - March 2016Vattenfall's quarterly report January - March 2016
Vattenfall's quarterly report January - March 2016
 

Similar a EveryCloud_GDPR_Whitepaper_v2

Running Head THE IMPACT OF GDPR ON GLOBAL IT POLICIES1THE IMPA.docx
Running Head THE IMPACT OF GDPR ON GLOBAL IT POLICIES1THE IMPA.docxRunning Head THE IMPACT OF GDPR ON GLOBAL IT POLICIES1THE IMPA.docx
Running Head THE IMPACT OF GDPR ON GLOBAL IT POLICIES1THE IMPA.docx
jeanettehully
 
Presentatie Giorgos Rossides, Europese Commissie
Presentatie Giorgos Rossides, Europese CommissiePresentatie Giorgos Rossides, Europese Commissie
Presentatie Giorgos Rossides, Europese Commissie
Europadialoog
 
EU Push for Digital Sovereignty (1).pptx
EU Push for Digital Sovereignty (1).pptxEU Push for Digital Sovereignty (1).pptx
EU Push for Digital Sovereignty (1).pptx
TeddyIswahyudi1
 
delphix-ebook-using-data-effectively-compliance-banking-1
delphix-ebook-using-data-effectively-compliance-banking-1delphix-ebook-using-data-effectively-compliance-banking-1
delphix-ebook-using-data-effectively-compliance-banking-1
Jes Breslaw
 
Data_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UKData_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UK
Sally Hunt
 

Similar a EveryCloud_GDPR_Whitepaper_v2 (20)

What is GDPR?
What is GDPR?What is GDPR?
What is GDPR?
 
EU Data Protection Regulation Skyhigh Networks
EU Data Protection Regulation Skyhigh NetworksEU Data Protection Regulation Skyhigh Networks
EU Data Protection Regulation Skyhigh Networks
 
EU General Data Protection: Implications for Smart Metering
EU General Data Protection: Implications for Smart MeteringEU General Data Protection: Implications for Smart Metering
EU General Data Protection: Implications for Smart Metering
 
Running Head THE IMPACT OF GDPR ON GLOBAL IT POLICIES1THE IMPA.docx
Running Head THE IMPACT OF GDPR ON GLOBAL IT POLICIES1THE IMPA.docxRunning Head THE IMPACT OF GDPR ON GLOBAL IT POLICIES1THE IMPA.docx
Running Head THE IMPACT OF GDPR ON GLOBAL IT POLICIES1THE IMPA.docx
 
The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...
 
[REPORT PREVIEW] GDPR Beyond May 25, 2018
[REPORT PREVIEW] GDPR Beyond May 25, 2018[REPORT PREVIEW] GDPR Beyond May 25, 2018
[REPORT PREVIEW] GDPR Beyond May 25, 2018
 
Data Privacy Protection & Advisory - EY India
Data Privacy Protection & Advisory - EY India Data Privacy Protection & Advisory - EY India
Data Privacy Protection & Advisory - EY India
 
Presentatie Giorgos Rossides, Europese Commissie
Presentatie Giorgos Rossides, Europese CommissiePresentatie Giorgos Rossides, Europese Commissie
Presentatie Giorgos Rossides, Europese Commissie
 
DWS16 - Plenary - Is trust really necessary - Xavier Lorphelin, Serena Capital
DWS16 - Plenary - Is trust really necessary - Xavier Lorphelin, Serena CapitalDWS16 - Plenary - Is trust really necessary - Xavier Lorphelin, Serena Capital
DWS16 - Plenary - Is trust really necessary - Xavier Lorphelin, Serena Capital
 
GDPR: A Threat or Opportunity? www.normanbroadbent.
GDPR: A Threat or Opportunity? www.normanbroadbent.GDPR: A Threat or Opportunity? www.normanbroadbent.
GDPR: A Threat or Opportunity? www.normanbroadbent.
 
EU Push for Digital Sovereignty (1).pptx
EU Push for Digital Sovereignty (1).pptxEU Push for Digital Sovereignty (1).pptx
EU Push for Digital Sovereignty (1).pptx
 
GDPR: A ticking time bomb is approaching - Another Millennium Bug or is this ...
GDPR: A ticking time bomb is approaching - Another Millennium Bug or is this ...GDPR: A ticking time bomb is approaching - Another Millennium Bug or is this ...
GDPR: A ticking time bomb is approaching - Another Millennium Bug or is this ...
 
delphix-ebook-using-data-effectively-compliance-banking-1
delphix-ebook-using-data-effectively-compliance-banking-1delphix-ebook-using-data-effectively-compliance-banking-1
delphix-ebook-using-data-effectively-compliance-banking-1
 
EMEA Quarterly Update: GDPR Two Years Later
EMEA Quarterly Update: GDPR Two Years LaterEMEA Quarterly Update: GDPR Two Years Later
EMEA Quarterly Update: GDPR Two Years Later
 
Data_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UKData_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UK
 
Global Threats| Cybersecurity|
Global Threats| Cybersecurity| Global Threats| Cybersecurity|
Global Threats| Cybersecurity|
 
IT law : the middle kingdom between east and West
IT law : the middle kingdom between east and WestIT law : the middle kingdom between east and West
IT law : the middle kingdom between east and West
 
Webinar - Security 2.0: A new way to deal with today’s security challenges in...
Webinar - Security 2.0: A new way to deal with today’s security challenges in...Webinar - Security 2.0: A new way to deal with today’s security challenges in...
Webinar - Security 2.0: A new way to deal with today’s security challenges in...
 
Open Source Insight: Top Picks for Black Hat, GDPR & Open Source Webinar, ...
Open Source Insight:  Top Picks for Black Hat,  GDPR & Open Source Webinar,  ...Open Source Insight:  Top Picks for Black Hat,  GDPR & Open Source Webinar,  ...
Open Source Insight: Top Picks for Black Hat, GDPR & Open Source Webinar, ...
 
Nick Stringer - Five Key Things EU General Data Protection Regulation (GDPR) ...
Nick Stringer - Five Key Things EU General Data Protection Regulation (GDPR) ...Nick Stringer - Five Key Things EU General Data Protection Regulation (GDPR) ...
Nick Stringer - Five Key Things EU General Data Protection Regulation (GDPR) ...
 

EveryCloud_GDPR_Whitepaper_v2

  • 1. The new EU General Data Protection Regulation (GDPR) What these tough new laws mean for your business and its cloud services
  • 2. EVERYCLOUD The new EU General Data Protection RegulationEVERYCLOUD 2 Designed to modernise and strengthen data protection laws originally drawn up before mass Internet adoption, the European Union’s General Data Protection Regulation (GDPR) is on its way. The new framework tightens up data protection for individuals inside the EU and also covers the export of personal data outside it. Coming into force this summer, EU member states have two years to implement GDPR, which features strict new rules and punitive measures. UK organisations need to start planning, especially as so much sensitive employee and customer data is now stored or processed in the cloud. Strict new data laws: time for action
but also have their consent. The GDPR will apply to any company that handles the personal data of individuals in the EU, even if that company is not based in the EU. One of the biggest changes is the significant increase in financial penalties for non-compliance: up to four percent of global annual turnover or €20 million (£15.9m), whichever is the greater. This, in itself, should be a catalyst to take action now.

At the simplest level, this means asking questions such as: Is two years long enough for our organisation to plan, take action and fully comply? What exactly are the implications for the cloud services we currently use? And, perhaps most importantly, how can I close the gaps in my data protection strategy as it relates to our cloud security, data usage and identity access arrangements?

Plan to protect: data protection gets serious

Welcomed by the European Council as "a major step forward in the implementation of the Digital Single Market Strategy", the implications of the complex GDPR framework for UK organisations are serious. BBC News has described the GDPR as "the biggest shake-up of data protection laws for 20 years", with the stated aim "to give citizens back control of their personal data as well as simplifying the regulatory environment".2 Four years in the making, the GDPR was agreed by the EU Commission, Parliament and Council of Ministers in December 2015 after months of negotiations. The rules come into force in 2016, with EU member states given two years to comply.

So what are the potential impacts, and what should you be doing? First, many organisations will need to appoint a Data Protection Officer. Note that the final text does not tie this to a headcount threshold such as 250 employees: a DPO is required of public authorities and of organisations whose core activities involve large-scale regular and systematic monitoring of individuals or large-scale processing of special categories of data (the 250-employee figure in the GDPR concerns the record-keeping exemption, not the DPO). In terms of urgency, the UK's Computer Weekly has reported that while organisations may feel they have "plenty of time to get ready, the clock is ticking and it's later than you think."3

32% OF COMPANIES REPORT LOSING DATA

1 Aberdeen Group research, "SaaS Data Loss: The Problem You Didn't Know You Had"
2 BBC News, "What does shake-up of EU data laws really mean?", Jane Wakefield, 14th April 2016, http://www.bbc.co.uk/news/technology-36037324
3 Computer Weekly, "Do not delay, EU data protection changes on the way", http://www.computerweekly.com/feature/Do-not-delay-EU-data-protection-changes-on-the-way
• 4. A compelling case for change

With the GDPR requiring that all privacy policies, procedures and documentation are robust and up to date, the implications for every function involved in data handling are enormous. Decisions on where you store personal data covering customers and employees, for how long, and where and how you process that data, are assuming far greater strategic importance to the enterprise.

At least three issues are converging here:
1 Increased cloud adoption
2 A far stricter regulatory environment
3 A continuously evolving threat landscape

As more and more companies depend on an increasing number of cloud apps and services to support their operations, the Cloud Security Alliance, "the world's leading organisation dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment",4 says: "From a cloud computing point of view, these changes are long overdue and will lubricate the roll-out of utility-based computing in the EU."5

This is as much about trust as it is compliance. A recent Intel survey reported that 72% of companies cited "compliance" as their biggest concern around cloud adoption,6 with the CTO of Intel Security EMEA commenting: "As we enter a phase of wide-scale adoption of cloud computing to support critical applications and services, the question of trust within the cloud becomes imperative…. The key to secure cloud adoption is ensuring sufficient security controls are integrated from the start so the business can maintain their trust in the cloud."7 There is clearly a growing awareness of the potentially serious consequences of a data breach and of the value of integrating those "sufficient security controls" quickly, requirements underlined by the demands of the GDPR.

4 Cloud Security Alliance, https://cloudsecurityalliance.org/about/
5 Computer Weekly, "Do not delay, EU data protection changes on the way", http://www.computerweekly.com/feature/Do-not-delay-EU-data-protection-changes-on-the-way
6 Blue Skies Ahead? The State of Cloud Adoption, Intel report, 2016
7 Business Cloud News, "Only 13% trust public cloud with sensitive data – Intel survey", 14th April 2016, http://www.businesscloudnews.com/2016/04/14/only-13-trust-public-cloud-with-sensitive-data-intel-survey
• 5. 'A modern and harmonised data protection framework across the EU'

"The European Commission put forward its EU Data Protection Reform in January 2012 to make Europe fit for the digital age. More than 90% of Europeans say they want the same data protection rights across the EU – and regardless of where their data is processed. The Regulation is an essential step to strengthen citizens' fundamental rights in the digital age and facilitate business by simplifying rules for companies in the Digital Single Market. A single law will also do away with the current fragmentation and costly administrative burdens, leading to savings for businesses of around €2.3 billion a year.

The Directive for the police and criminal justice sector protects citizens' fundamental right to data protection whenever personal data is used by criminal law enforcement authorities. It will in particular ensure that the personal data of victims, witnesses, and suspects of crime are duly protected and will facilitate cross-border cooperation in the fight against crime and terrorism."

The official texts of the Regulation and the Directive were published in the EU Official Journal in all official languages on 4th May 2016. While the Regulation entered into force on 24th May 2016, it applies from 25th May 2018. The Directive entered into force on 5th May 2016, and EU Member States have until 6th May 2018 to transpose it into their national law.

Source: European Commission > Justice > Data protection > reform, http://ec.europa.eu/justice/data-protection/reform/index_en.htm

90% OF EUROPEANS WANT THE SAME DATA PROTECTION RIGHTS ACROSS THE EU
• 6. 'A lack of understanding' when it comes to cloud services

The GDPR is providing many organisations with added impetus to prioritise what many call cyber security and what is increasingly termed cloud security and identity access. At the end of 2015, CNBC reported that around half a million attack attempts were happening in cyberspace every minute.8 Another report in late 2015 found that 25% of organisations had experienced a cyber attack in the previous 12 months, and the majority of respondents (51%) were concerned about "a loss of control over their data when using public cloud services and applications".9 The threat of data loss is real.

So, when it comes to the GDPR, have you made any plans yet? Do you already have a budget and/or dedicated resources earmarked for GDPR compliance, not least as it relates to protecting the employee and customer data that you store, process or share using cloud services? If you do, you may be in the minority, and in any case this is an extremely complex and constantly changing area.

"Enterprise goals for security and regulatory compliance are some of the more difficult enterprise requirement areas complicating the selection of cloud services," say industry analysts Gartner, Inc., adding that although many cloud applications may have a similar look and feel, "they differ significantly in ways that affect risk, and their risk considerations may change over time. Furthermore, for most cloud service categories, dozens of options are available to organizations. Enterprises need to continue to understand and verify the compliance and security posture of this cloud service."10

Elsewhere in the same report on cloud access and security, Gartner comments: "Many enterprises lack a complete understanding of the cloud services they consume and the risks they represent, which makes compliance and protection difficult... Even when cloud services are known, most enterprises struggle to consistently verify compliance or the secure handling of sensitive data within and across these disparate services. Enterprises have no standardised way to detect whether (and when) compromised credentials or unmanaged devices are used to access cloud services."11 This type of situation cannot persist under the GDPR.

While some organisations may already have an in-house Data Protection Officer or Information Security Officer, many more do not. Do you currently maintain an accurate and up-to-date information asset register, and are you confident that you have strong technical and procedural controls over all of the data you store or process? Your cloud security and identity access policies must not only be strong enough to have an impact; they will also need to be monitored, enforced and refreshed on an ongoing basis. And remember, if a data breach occurs, you will not only have to notify the relevant data protection authority within 72 hours of becoming aware of it: if the breach is likely to result in a high risk to the rights and freedoms of the individuals involved, you must also notify them without undue delay.

'Discover yourself'

25% OF ORGANISATIONS HAVE EXPERIENCED A CYBER ATTACK

8 CNBC, "Biggest cybersecurity threats in 2016", 28th December 2015, http://www.cnbc.com/2015/12/28/biggest-cybersecurity-threats-in-2016.html
9 Sixth annual Databarracks Data Health Check Report, 2015
10 Gartner Report: How to Evaluate and Operate a Cloud Access Security Broker, 08 December 2015, ID: G00292468, Analysts: Neil MacDonald, Craig Lawson
11 Ibid.
• 7. Towards GDPR compliance: first steps

With so much to take on board, the GDPR can seem a little overwhelming, not least because data protection and cloud security are almost certainly not your core business and nor should they be, even though they are assuming far greater strategic importance to the business. In the majority of cases, GDPR compliance will be enabled by drawing on knowledge, expertise and solutions from specialist CASB (cloud access security broker) companies such as EveryCloud.

The first step is discovery: to better understand the risks you face in terms of the data you hold or process, and any data loss prevention (DLP) issues that might conceivably lead to a lack of compliance now or regulatory infringements later; to reveal key obstacles to compliance and to rapidly identify ways to resolve or remove them.

A valuable first step on the road to GDPR compliance is asking six simple questions about your business; you may be surprised by the answers.
- Where do our cloud apps process and store data?
- Do our apps adequately protect data from loss, alteration and unauthorised processing?
- Have we executed a data processing agreement with the cloud apps that we use?
- Do our apps collect only "necessary" data, and limit processing of "special" data?
- Do our cloud vendors forbid use of personal data for other purposes, such as third party sharing?
- Can we erase the data when we stop using an app?
• 8. Driving GDPR compliance: the EveryCloud approach

Inactivity is not an option. Cloud security provider CloudLock reports that shadow IT applications create a 'perfect' group of three risks: "data loss through unauthorised channels, injecting malware to the environment and compromising users' identity", and Gartner, Inc. has made a Strategic Planning Assumption that "by 2020, 85% of large enterprises will use a cloud access security broker solution for their cloud services, which is up from fewer than 5% in 2015."12

Action is being taken now, and the scale of the challenge in data protection will only increase: in terms of the connected Internet of Things (IoT), Gartner has predicted there will be 6.4 billion connected devices in use in 2016, a 30% increase compared to 2015. By 2020, Gartner says, that number will have risen to more than 20 billion connected devices. During 2016, "5.5 million new things will get connected every day".13

"By 2020, 85% of large enterprises will use a cloud access security broker solution"

6.4 BILLION CONNECTED DEVICES IN USE IN 2016

12 Gartner Report: How to Evaluate and Operate a Cloud Access Security Broker, 08 December 2015, ID: G00292468, Analysts: Neil MacDonald, Craig Lawson
13 Gartner Says 6.4 Billion Connected "Things" Will Be in Use in 2016, Up 30 Percent From 2015, 10 November 2015, http://www.gartner.com/newsroom/id/3165317
• 9. The optimum approach to cloud security and identity access security, in pursuit of GDPR compliance, should align with the demands of your business, the security risks you face, and the real-life needs and behaviours of your user community. The EveryCloud approach is based on four key elements, aligned with but also extending "the four pillars of cloud access security" as defined by Gartner: Visibility, Compliance, Data Security and Threat Protection.14

Discover
It is crucially important to understand the true costs and risks you face, which means identifying the unsanctioned and shadow IT that might compromise your security, result in data breaches and lead to GDPR penalties. Activity can include a comprehensive Cloud Audit, Security Assessment and Cloud Expense Management exercise, taking an in-depth look at the apps and cloud services you use, analysing traffic patterns, examining how your people access the cloud, while also locating sensitive and at-risk data, and understanding the imminent and longer term threats. With more than 100,000 apps already discovered and the number rising steeply, the process starts with gaining an understanding of how your app infrastructure holds together and where the vulnerabilities are hiding.

Aware
Improved understanding should inform development of the most appropriate access, identity, data usage and security policies, and also educating employees on the threats, raising awareness and changing behaviour if necessary. The business has to be fully aware of where its cloud apps actually process and store data, and whether those apps provide the appropriate protections for personal user/customer data against unauthorised access, loss and alteration. The right policies can include firewall, email and data loss prevention (DLP) strategies, to manage, restrict or deny access, and revoke sharing as needed, while avoiding any negative business impacts.

Comply
Policing and enforcement are crucial to protect your organisation and its data, avoiding regulatory intervention, costly fines and reputational damage. You need to make a full commitment to monitoring and managing all cloud apps and services, including file content monitoring to locate and report on all regulated data including financial and customer personal data, to ensure compliance in data protection. This includes GDPR compliance, PCI and credit card security.

Certify
So long as the threat landscape continues to change and new regulations come into force, an all-encompassing cyber security and data loss prevention (DLP) strategy will remain critical. A planned programme of review and recommendations drives the regular scrutiny and refresh of policies and procedures, regardless of the data involved and for any app, cloud service or provider.

14 Gartner Report: Mind the SaaS Security Gaps, 03 October 2014, ID: G00263947, Analysts: Craig Lawson, Sid Deshpande
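As an added illustration of the Discover step (example code written for this edition, not EveryCloud's tooling), the script below reads a constructed web-proxy log, compares the cloud hosts it finds against a hand-maintained register of sanctioned apps, and flags the gaps the whitepaper calls out: shadow IT receiving uploads, sanctioned apps with no data processing agreement or with storage outside the EU, and, echoing Gartner's point on the previous pages, access from unmanaged devices (approximated here by source addresses outside the corporate ranges). The log format, host names, register contents and network ranges are all assumptions constructed for the example.

```python
"""Shadow-IT discovery from web-proxy logs.

Added example, not EveryCloud code. Everything below the imports is a
constructed assumption: the log format, the sanctioned-app register (what an
information asset register would hold per cloud service) and the corporate
network ranges used to approximate "managed device".
"""
import re
from ipaddress import ip_address, ip_network

# Constructed log format: ts user src_ip method host/path bytes_out bytes_in
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<src>\S+) (?P<method>[A-Z]+) "
    r"(?P<host>[^/\s]+)(?P<path>/\S*)? (?P<out>\d+) (?P<in>\d+)$"
)

# Constructed register: app name, where it stores data, whether a DPA is signed.
SANCTIONED = {
    "files.sanctioned-drive.example": {"app": "Sanctioned Drive", "region": "EU", "dpa": True},
    "crm.sanctioned-crm.example": {"app": "Sanctioned CRM", "region": "US", "dpa": False},
}

# Constructed corporate ranges; any other source is treated as an unmanaged device.
MANAGED_NETS = [ip_network("10.1.0.0/16")]

# Constructed sample log: two sanctioned hosts, two unknown hosts, one off-network access.
SAMPLE_LOG = """\
2016-06-01T09:12:04Z alice 10.1.4.22 POST files.sanctioned-drive.example/upload 524288 1200
2016-06-01T09:13:11Z bob 10.1.4.23 GET crm.sanctioned-crm.example/contacts 300 88000
2016-06-01T09:15:40Z alice 10.1.4.22 POST share.unknown-sync.example/api/put 2097152 400
2016-06-01T09:20:02Z carol 10.1.9.7 POST notes.unknown-notes.example/sync 65536 900
2016-06-01T09:21:30Z bob 203.0.113.5 POST files.sanctioned-drive.example/upload 10240 500
2016-06-01T09:25:00Z dave 10.1.4.30 GET share.unknown-sync.example/list 200 9000
"""


def parse_log(text):
    """Yield one dict per well-formed line; silently skip lines that do not match."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["out"] = int(rec["out"])
            rec["in"] = int(rec["in"])
            yield rec


def is_managed(src):
    """True if the source address falls inside a corporate (managed) range."""
    return any(ip_address(src) in net for net in MANAGED_NETS)


def discover(log_text, register=SANCTIONED):
    """Aggregate usage per cloud host and attach the GDPR-relevant issues found."""
    report = {}
    for rec in parse_log(log_text):
        host = rec["host"]
        entry = report.setdefault(host, {
            "app": register.get(host, {}).get("app", "UNKNOWN"),
            "status": "sanctioned" if host in register else "unsanctioned",
            "users": set(), "requests": 0, "upload_bytes": 0,
            "unmanaged_sources": set(),
        })
        entry["users"].add(rec["user"])
        entry["requests"] += 1
        if rec["method"] in ("POST", "PUT"):      # outbound data: what DLP cares about
            entry["upload_bytes"] += rec["out"]
        if not is_managed(rec["src"]):
            entry["unmanaged_sources"].add(rec["src"])

    for host, entry in report.items():
        issues = []
        meta = register.get(host)
        if meta is None:
            issues.append("shadow IT: not in asset register")
            if entry["upload_bytes"]:
                issues.append("data leaving the organisation via unsanctioned app")
        else:
            if not meta["dpa"]:
                issues.append("no data processing agreement with provider")
            if meta["region"] != "EU":
                issues.append("personal data stored outside the EU (%s)" % meta["region"])
        if entry["unmanaged_sources"]:
            issues.append("access from unmanaged device or network")
        entry["issues"] = issues
    return report


def print_report(report):
    """Print hosts ordered by bytes uploaded, the usual triage order for discovery."""
    for host, e in sorted(report.items(), key=lambda kv: -kv[1]["upload_bytes"]):
        print("%-32s %-12s users=%d uploaded=%d" % (host, e["status"], len(e["users"]), e["upload_bytes"]))
        for issue in e["issues"]:
            print("    - " + issue)


if __name__ == "__main__":
    print_report(discover(SAMPLE_LOG))
```

Run as-is it reports on the embedded sample; in practice the register is your information asset register and the log is an export from your proxy or CASB. The report is keyed by host rather than by app because the host is what appears in logs before anyone has classified the app, and an unknown host with non-zero upload bytes is exactly the "shadow IT with data leaving" case the Discover step exists to find.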
• 10. Conclusions

In light of the GDPR and other pressing requirements, enterprises want to be sure they are accessing and using essential cloud services, whatever services are required, in the safest ways, avoiding any data leakage and preventing unauthorised data access and sharing at all times. Of course, the price of failing to secure your data both in and out of the cloud can be significant: from data breaches that fall foul of the GDPR to loss of intellectual property assets, reputational damage and impacts on profits.

You can start your journey to GDPR compliance now, by asking the following questions:
- Do you currently have all the information you need to plan for the GDPR effectively, including the true breadth and extent of data storage and data processing services you access and use via the cloud, along with the true extent of unsanctioned and shadow IT in your organisation?
- Do you actually know what user/customer personal data you hold, where it is, and how secure it is?
- Have you already documented, and do you enforce, the most robust cloud security, identity access and data loss prevention (DLP) strategies and policies?
- Are there gaps in your data protection strategy right now, and do you know the fastest and most effective ways to close those gaps?

CALL 0800 470 1820
EMAIL discover@everycloud.co.uk
WEB everycloud.co.uk