How data-mapping and policy automation can help companies prepare for GDPR
With less than nine months to go until Global Data Protection Regulations (GDPR) come into force across the European Union, businesses should be well underway in their efforts to achieve compliance. However, meeting the demands of GDPR is easier said than done and a substantial proportion of businesses are still showing a worrying lack of preparedness. According to a study released in July by Spiceworks, just 5% of IT pros in the UK and 2% in the US believe their companies are fully prepared for the regulations.
With fines up to a maximum of €20mn or 4% of a company's annual global revenue on the table, failing to comply with the legislation could be disastrous.
There are multiple explanations for this apparent complacency. In many cases limited C-suite support and a lack of knowledge or awareness are holding organisations back, while some simply don’t think the regulations will affect them.
But a key issue that many businesses are also struggling to cope with is the hugely complex and difficult-to-manage nature of modern networks, which now typically incorporate multiple databases and a growing number of network devices that constantly manage potentially sensitive data.
All of this means multitudes of businesses are putting themselves at risk of being hit by substantial fines, as well as reputational damage and a potential loss of customers. The new regulation also holds individuals personally responsible, highlighting that compliance may not be sexy, but if you get it wrong it certainly has big teeth.
Many organisations also make the mistake of viewing compliance as a destination rather than an ongoing journey. A common pitfall is that businesses only worry about passing an audit and, once the audit is over, compliance gets relegated from a priority to an afterthought. The stark reality is that many businesses are barely surviving from one audit to the next.
In a GDPR world, that mindset simply won’t be good enough. Cybercriminals – and compliance authorities – will be ready to pounce at the slightest sign of complacency, so businesses of all sizes need to ensure that compliance is viewed as a constant process rather than a single point in time.
Keep it simple
With business networks constantly growing and data flowing across an ever-larger environment, keeping track of all the moving parts can be a significant challenge.
Therefore, when it comes to GDPR, the first business challenge should be to tackle complexity head-on, by increasing visibility and gaining a strong sense of all the moving parts of the network.
Data mapping is an important part of this process. By mapping the network – and ensuring it is regularly updated – businesses get a clear view of how data flows through the company. This addresses several important concerns, such as knowing where sensitive customer information resides, how it is being used and who has access to it, all of which are central components of GDPR compliance.
Mapping the network also helps to maintain security policy compliance by enabling businesses to easily identify all their network traffic across different applications and services, based on actual usage.
Once everything has been mapped, network segmentation can then be applied to ensure that only the appropriate network zones or user groups have access to specific types of data, which helps to keep customer information safe in the event of a data breach.
But key to everything is having a centralised tool to manage network security policies and streamline all future changes made to the network. Policies are put in place to ensure that businesses operate in line with regulatory standards and are especially important when it comes to effectively managing large quantities of data.
By incorporating a centralised policy management tool, security and compliance can be simplified and IT teams can enjoy a greater level of control over the environment.
When GDPR comes around, making sure doors to corporate networks remain locked will be key to ensuring compliance – and automation can significantly reduce the amount of effort required.
Policy-driven automation is central to achieving continuous compliance in several ways. For example, with networks being more dynamic than ever before, carrying out regular reviews of existing rules and policies is essential, but doing so manually is extremely tedious. Automated tools are able to identify high-risk or redundant rules in a fraction of the time and with a greater degree of accuracy.
This also applies to provisioning new policies, which must comply with GDPR requirements without adversely impacting any existing rules. Again, this is a complicated and time-consuming task, the burden of which can be drastically reduced through an automated approach that maintains compliance without the risk of human error. Any policy violations will be flagged and resolved in real time, thereby significantly streamlining operations. Life is also made easier for future inspections, as automated actions are constantly recorded and documented for auditing purposes.
Furthermore, the so-called ‘ripple effect’, where a minor change to one policy causes a vulnerability in another area of the corporate network, is a very real danger. Automated policy management solves this issue by providing network-wide visibility and designing optimised new rules based on real-time analysis of existing rules, thus avoiding the ripple effect. Most importantly, business leaders can feel reassured the whole network meets regulatory standards.
Maintaining GDPR compliance 24-7-365 is no mean feat and businesses need all the help they can get. Through an automated approach, risks and vulnerabilities can be proactively identified and resolved across even the most complicated network environment, ensuring compliance all year round.
Time may be in short supply, but it’s still not too late for businesses to start putting their GDPR plans into action and turning compliance into a valuable competitive advantage.
Andrew Lintell, Tufin