Inside Track: A gold standard


10 November 2016

Data location and security
“Customers have started working with Triangle on initial education followed by scenario walk through of the what-ifs. This requires a significant volume of time”

Triangle Brendan Healy, head of Core Infrastructure

‘What is GDPR?’ and ‘how will it affect me?’ are the two most common questions we are hearing from our customers. As you would expect, there is a significant volume of information available in relation to GDPR. The regulations are consumer-centric, and the following are just a sample of requirements that must be met.

1. Every consumer has the right to know what data has been stored that is relevant to that individual
2. Every consumer has the right to have their personal data deleted
3. Every consumer has the right to know if their data has been compromised

Organisations we are working with are starting by playing out these scenarios and are discovering some significant gaps in their BC&DR solutions.

From a BC&DR perspective, organisations must ensure that location and security posture of data is known and available upon request.

Organisations will need to address these requirements in a number of ways:

1. Secure everything, encrypt data in flight and at rest
2. Reduce the attack surface, there will be a requirement to consolidate BC&DR solutions as operations costs of multiple point solutions will become unmanageable
3. All data at rest, on backup and replicated offsite must be indexed and searchable
4. Ownership of data and associated governance must be defined

Our customers have started working with Triangle on initial education followed by scenario walk through of the what-ifs. This requires a significant volume of time but will lead to the required gap analysis and plan for GDPR compliance. GDPR is approximately two years away; this could be one of the largest programs of work for some organisations, and one which has a “hard” deadline. Triangle's advice: if not already underway, ensure that the GDPR programme starts before the end of 2016.

 

 

For consideration
“Where data security may previously have been an inconvenience and overlooked, GDPR means as a personal-data storage owner, you are legally obligated to manage, secure and govern the data, its access and security and its lifetime or retention period” Steve Blanche, Head of Solutions, Ergo. Picture: Maura Hickey

Ergo Steve Blanche, head of solutions

Current disaster recovery solutions give us the ability to restore full services, with near-zero data loss, in minutes. Ergo is delivering these metrics today through automatic site recovery services, metro clusters, physical, virtual and application-level replication technologies.

We have optimised Recovery Time Objectives (RTO) to almost instantaneous and Recovery Point Objectives (RPO) to as far back in time as your storage budget will permit the retention setting.

Now, what do you need to do with this recoverable data while it awaits arousal from the DR test engineer or invocation team?
Firstly, consider this: where data security may previously have been an inconvenience and overlooked, GDPR means as a personal-data storage owner, you are legally obligated to manage, secure and govern the data, its access and security and its lifetime or retention period.

Secondly we must ask:

  • Where is the data from?
  • How is it stored and do we have permission to store it?
  • Who has access and what protocols are in place to govern and audit access?
  • Is the data secured/encrypted at rest – on disk, virtual storage, tape, mobile media?
  • Was it secure/encrypted during transmission?

To help you prepare for this, we can identify and document data location – logically and physically. We can define levels of access and implement auditing and reporting for governance purposes. We can also look at access changes, breach response and notification/communication procedures.

It is important to be proactive in identifying personal data and securing it and reporting on how you are securing it. These procedures will require up-to-date solutions to keep pace with the ever-evolving threats to data integrity – so investment is needed. The potential fines of €10 million or 2% of turnover are consequences that financially threaten your business now that the GDPR is a regulation and not simply a guideline.

 

A long way to go
“We recommend a number of steps to ensure effective compliance in this area. This includes extending security policies to include personal devices that are used to create or share business documents” Gary Hopwood, general manager, Ricoh Ireland

Ricoh Gary Hopwood, general manager

Looking at a recent survey carried out by Ricoh Ireland among IT professionals in Ireland, we can see that Irish businesses have a long way to go before they are ready for GDPR implementation in 2018.

With so many ways to create and store business documents now, particularly with the rise in mobile device usage, our survey found that 55% of IT departments do not have full visibility of all business documents created across their organisation. In addition, a very sizeable minority (41%) of Irish IT departments admit to not being aware of all personal devices being used by colleagues to create documents for work-related activities.

There are very stringent rules and regulations in place to ensure businesses can safely store and access business data. Ricoh recommends a number of steps to ensure effective compliance in this area. This includes extending security policies to include personal devices that are used to create or share business documents. It’s essential that procedures are put in place for businesses which enable documents to be stored safely from every device, and also properly indexed, searchable and archived in a working system. This will ensure secure availability at all times for those who need access, across multiple devices and locations.

The best way to approach document security and business continuity in the mobile age is through the implementation of best practice protocols. This is where an experienced document management partner like Ricoh or one of our business partners comes in. We can help you to safely harness the power of the data flowing through your organisation. This includes digital information as well as printed documents. We can provide your business with better ways of working, enabling your colleagues to be more productive, and ensuring that your processes are secure and compliant.

 

 

 


TechCentral.ie