In part three we discussed how no one person, organisation or vendor has ‘the’ silver bullet to GDPR compliance. What you need is an array of tools and people to address the many challenges ahead.
Saying that not all technical solutions are equal in their value to a GDPR project. Given GDPR is a Data Governance project (as discussed in part two), it makes sense to leverage both technology and people with Data Governance running through their veins
STEALTHbits is that.
STEALTHbits has focused on Data Governance for 16 years, focusing on being the best at providing a global leading Data Access Governance platform for unstructured data.
We have a comprehensive breakdown of articles and chapters along with a functionality and report mapping. The detail is far too much for a blog so please contact your local STEALTHbits representative who can provide you with this. For quick reference, here’s an outline:
EU GDPR Article Alignment
For the full infographic with detailed explanations of each section, please follow this link: https://www.stealthbits.com/preparing-for-the-eu-gdpr-time-bomb
If you look at the high-level requirements of the GDPR as well as the following statistics regarding Data Governance, you can start to see the scale of the challenge ahead if your organisation hasn’t already undertaken or started a Data Access Governance project.
…of Data in organisations is unstructured.
This includes file systems, SharePoint, Email, cloud Storage. Anything that isn’t stored in a database or application with a set format. Unstructured data is hard to manage and could, in theory, be anywhere in your environment.
…of Organisations use Active Directory as their primary source of Authentication
Your user account and groups that provide access to unstructured and often structured data, is managed by Active Directory. The policies that govern things such as passwords, access levels, name resolution and many other business critical services are also reliant on AD. Active Directory is the foundation of most businesses environment. Lose AD, lose access to data.
…of data has excessive access granted
Put AD and data together, add a pinch of legacy practices and general day to day use and people end up with access to data they shouldn’t. That could be the ability to read files they shouldn’t or manipulating files they should only read. Either way, this breaks all basic rules of Data Governance and ‘Privacy by Design’.
I would say this is a problem in 100% of organisations to some degree.
…for the average data breach to be discovered,
if the breach is discovered at all. Most data breaches are never uncovered. A breach isn’t just the headline grabbing incident like Yahoo. It also covers that former employee who takes a document to their new role with them.
Either way, for GDPR it’s not so much the discovery that applies to the 72-hour notification period, it’s the ability to investigate the ‘Who, what, where, when and how’ once a breach has been discovered. These findings must then be supplied to the appropriate regulatory authority.
Next week we conclude this series by pulling together elements from each blog to form a strategy for addressing GDPR compliance; understand the challenge, engage the right people/organisations, utilise the right technology and act now.
- 5 Essential Steps To EU GDPR Part 1 – Understand the Basic Requirements of GDPR
- 5 Essential Steps To EU GDPR Part 2 – GDPR Data Access Governance Project
- 5 Essential Steps To EU GDPR Part 3 – Engage the right people
- 5 Essential Steps To EU GDPR Part 4 – STEALTHbits Technologies, A Logical Fit for EU GDPR
For a comprehensive breakdown of STEALTHbits solutions and features please follow these links:
Don’t miss a post! Subscribe to The Insider Threat Security Blog here:
Mark Wilson is a Director of Product Management at STEALTHbits Technologies.
He is lead Pre-Sales consultant in the EMEA region and a key member of the global Product Marketing team.
Mark has 18 years’ experience working in virtually all technical support and consulting roles across both public and private sectors in the UK, EMEA and Globally.
Areas of specialism include compliance, data governance, IAM, migrations and consolidations.