The five toughest GDPR challenges you need to overcome
Digital transformation means using tech to get ahead. But that same tech can also be the biggest barrier to General Data Protection Regulation (GDPR) compliance.
The pros and cons of digital transformation
Giving your people the tools they want and need to get the job done improves your productivity and helps you stay competitive. But there’s a catch. New tech also means new security threats you might not be aware of. And what’s more — holes in your security could stop you from achieving compliance with GDPR.
The introduction of GDPR has changed the landscape you operate in. Now you not only need to protect against intrusion, but you’re being measured on how you respond to breaches. At all times you need to know where your data is and how you control and protect access to it — and by whom. You need to be ready for your compliance to be challenged — is your approach sufficient, and can you demonstrate the validity and effectiveness of your efforts?
With tighter compliance requirements such as GDPR in place, you’re facing greater penalties for mistakes at the same time as you’re seeking ways to achieve all the benefits of digital transformation. It’s a fine balance to strike, and you need the full picture in order to put in place the right controls and ways of tackling intrusions so you can move forward, confident in your security posture.
But the full picture is often elusive. You can find yourself in a situation where there’s a large discrepancy between your known estate and your actual infrastructure open to attack. When you don’t know all the devices connected to your network, or how your data is stored and managed, even basic security hygiene is difficult.
As a starting point, you need to get to grips with the available technology, while staying completely secure. And that’s something we’ll help you achieve, right here in this blog post.
Five security challenges, and how to overcome them
We’ll take a look at five technologies and practices that are currently making waves in every industry — focusing on why you’ll want to use them, why they pose a security challenge and how to overcome that challenge.
1. Cloud computing
Most companies already use the cloud, whether for internal purposes or to meet customer demand. But many also share the same concerns about security in the cloud. And this stems from a lack of control over underlying IT infrastructure used in cloud services.
To overcome these security concerns, choosing the right cloud provider and agreeing the contractual terms to manage security is fundamental. On top of that, controls such as information rights management (IRM), cloud access security brokers (CASB) and cloud data-loss prevention (CDLP) can offer security that matches (or betters) on-premises solutions.
2. Big Data
Big Data gives you the power to model and anticipate customer and market behaviours, giving you greater insight and helping your decision-making process. However, the sheer scale of data you’ll have to deal with means the impact of any security breach would be significant.
To minimise the risk, and comply with GDPR, you need to draw on a wide range of security advice, from architectural and technical to more strategic consultancy.
3. Shadow IT
While not a technology in itself, shadow IT is intrinsically linked to digital transformation. Occurring when your people take it upon themselves to get equipped with the latest devices or programs, shadow IT can mean that people become more productive. But it also poses a big security risk. In fact, it can be a downright dangerous practice if controls aren’t in place to protect data.
To overcome the challenge posed by shadow IT, you need to implement security processes that identify and inspect hidden data flows to achieve a full understanding of your network and data.
Your people at all levels, as well as third-party contractors, now use portable media, smartphones and mobile apps to access corporate data and applications. This means protecting the traditional company network is no longer enough — because the network now extends to any place employees can work (home, hotels, airports, etc.).
That means you have to put technologies in place to protect the user, the devices and the data, regardless of where the user works.
5. Internet of Things (IoT)
We’re in the early days of the IoT, but if your business roadmap includes the development of new services or processes around this new capability, it has to make data security a mandatory part of the agenda. This is because, with IoT, we will see highly sensitive information, such as health data produced by wearables, family information in smart homes or geo-localisation by smart cars, shared between devices.
Protecting this data requires expert security consulting services and specific solutions, because the technical foundations of the IoT rely on infrastructure not commonly used in corporate IT.
Embracing technology securely
As you can see, new technology can help you gain a competitive advantage over your rivals. But rushing to deploy it without addressing the security considerations could see you fall on the wrong side of the GDPR.
The next step is to objectively assess your strengths and vulnerabilities so you can establish your security requirements in a post-GDPR age. You can use this intelligence to build the policies, controls and skill sets you need to protect what is most important to your organisation.
The tips we’ve given here are a great place to kick off the process. For the whole story, download our white paper. With it, you’ll discover how to review your compliance with GDPR and find out why greater data security creates opportunities for your organisation.