With 100 days to go, it’s time to get serious about the GDPR
With exactly 100 days to go before the GDPR goes into effect, the risks of being unready are growing exponentially. The Information Commissioner’s Office (ICO) is clear that it won’t be lenient with ‘wait and see’ organisations, who are intent on finding out what GDPR non-compliance might mean for someone else before they take decisive action on it. And while that might sound like a minority viewpoint, some estimates suggest that just 10% of organisations are GDPR ready as of today. Meaning that a great many are facing problems on May 25th, and quite possibly fines on the 26th.
To avoid that, action is essential. But panic isn’t. A focused, strategic approach to understanding what data is held, how it’s managed and who can access it is the first step on the path to GDPR readiness. What’s more, it’s the best way to turn GDPR from an obstacle into an opportunity. And, as the time to May 25th ticks away, there are some key markers that can be used to measure progress.
Marker one: 90 days to go
The first thing to consider is a thorough audit of what data is owned or used, where it is stored, how it is used, and by whom – keeping in mind the finding that many organisations hold six times the amount of data they need, and three times the amount they should.
The most likely cause of GDPR fines is poor data protection or being unable to demonstrate compliance. Knowing where these gaps exist relies on a thorough understanding of your data estate (including the difference between owning and using data). And on simplifying data management – either through minimising the amount of data held, or the number of people who are allowed to access it.
If this process is not already underway, organisations should begin immediately and look at data consent and lawful data processing options, and the creation of a framework for how data can be handled. This will enable any organisation to document every data decision, which will be essential should they be asked to prove compliance.
Marker two: 60 days to go
Engagement and unambiguous leadership support are vital to an organisation’s GDPR success. The Data Protection Officer must be independent and empowered to do their job.
Part of this is gaining buy-in from across the organisation to put in place policies and protocols that will ensure GDPR compliance from day one.
To boost this, it’s a good idea to use the 60 days to go marker as a spur for a DPO-led GDPR refresher course, ensuring that everyone is on board and up to date.
Marker three: 30 days to go
Even with buy-in at the highest level, there’s no guarantee that knowledge and understanding will trickle down through the organisation. Or indeed to third parties, who must also be able to prove compliance and GDPR readiness.
That’s why, at the 30 days marker, it makes sense to begin a GDPR awareness month. This should be aimed at getting all staff and partners up to scratch with what the regulations require of the business, and of them specifically.
Minimum risk, maximum reward
All of these tactics are directed at a central goal of understanding where risk is, and minimising it. Because although data is valuable, the more of it an organisation holds, the more likely it is that a risk will emerge – whether through a lack of consent to use it, leaks, or misuse by uninformed staff.
Responsibly used data can be an organisation’s biggest asset. With a focused, intelligent approach to GDPR prep, it becomes much easier to make that happen.
Florian Bienvenu, SVP EMEA, BlackBerry
IT Employees Predict 90% Increase in Cloud Security Spending
As companies get back on their feet post-pandemic, they’re going all-in on cloud applications. In a recent report by Devo Technology titled “Beyond Cloud Adoption: How to Embrace the Cloud for Security and Business Benefits”, 81% of the 500 IT and security team members surveyed said that COVID accelerated their cloud timelines. More than half of the top-performing businesses reported gains in visibility. In fact, the cloud now outnumbers on-premise solutions at a 3:1 ratio.
But the benefits are accompanied by significant cybersecurity risks, as cloud infrastructure is more complex than legacy systems. Let’s dive in.
Why Are Cloud Platforms Taking Over?
According to Forrester, the public cloud infrastructure market could grow 28% over the next year, up to US$113.1bn. Companies shifting to remote work and decentralised workplaces find it easy to store and access information, especially as networks start to share more and more supply chain and enterprise information—think risk mitigation platforms and ESG ratings.
Here’s the catch: when you shift to the cloud, you choose a more complex system, which often requires cloud-native platforms for network security. In other words, you can’t stop halfway. ‘Only cloud-native platforms can keep up with [the cloud’s] speed and complexity and ultimately increase visibility and control’, said Douglas Murray, CEO at cloud security provider Valtix.
Here’s a quick list of the top cloud security companies, as ranked by Software Testing Help:
What are the Security Issues?
Here’s the bad news. According to Accenture, less than 40% of companies have achieved the full value they expected on their cloud investments. All in all, greater complexity has forced companies to spend more to hire skilled tech workers, analyse security data, and manage new cybersecurity threats.
The two main issues are (1) a lack of familiarity with cloud systems and (2) challenges with shifting legacy security systems to new platforms. Out of the 500 IT employees from Devo Technology’s cloud report, for example, 80% said they’d sorted 40% more security data, suffered from a lack of cloud security training, and experienced a 60% increase in cybersecurity threats.
How Will Companies React?
They certainly won’t stop investing in cloud platforms. Out of the 500 enterprise-level companies that Devo Technology talked to throughout North America and Western Europe, 90% anticipated a jump in cloud security spending in 2021. They’ll throw money at automating security processes and investing in security upskilling programmes.
After all, company executives will find it incredibly difficult to stick with legacy systems when some cloud-centred companies have found success. Since moving from Security Information and Event Management (SIEM) offerings to the cloud, Accenture has saved up to 70% on its processes; recently, the company announced that it would invest US$3bn to help its clients ‘realise the cloud’s business value, speed, cost, talent, and innovation benefits’.
The company stated: ‘Security is often seen as the biggest inhibitor to a cloud-first journey—but in reality, it can be its greatest accelerator’.