GDPR: Getting Your House in Order
With the new General Data Protection Regulation fast approaching, organisations are starting to realise the importance of getting a grip on what data they store, where it is stored and who has access to it.
With our partner Varonis, we at HANDD have been working for many years with organisations to help them understand and simplify their processes to meet GDPR compliance.
Some, not all, of the requirements of GDPR centre around the need to know what data you store, where it is stored and who has access to it. This kind of knowledge is fundamental to satisfying requirements such as “the right to be forgotten”.
How can you forget someone if you do not even know what data you have in your locker? With Varonis DatAdvantage you can scan your unstructured data and discover what types of content you have (e.g. credit card information, addresses, insurance numbers and other types of personally identifiable information (PII)).
Varonis collects metadata properties from your files on Windows shares, Exchange, AD and Linux platforms and also searches the logs to give you a picture of exactly what that data is, where it resides and who has been accessing it. That kind of information will also help you satisfy the “data portability” requirements of GDPR.
From next year, the new data portability measures allow citizens to carry out or request the move, copy or transfer of personal data from one IT environment to another in a safe and secure way, without hindrance to usability. That might represent a huge challenge to some organisations at present, but not if they carry out a full assessment of their data, using a tool such as Varonis DatAdvantage, and structure it so it can be easily identified when the time comes.
Data Classification & Data Discovery
Structuring your unstructured data into sets of information according to sensitivity will further help you to understand what your data is and how you can process and protect it more easily. For that reason, the discovery capabilities of DatAdvantage are most effective when used in tandem with a robust Data Classification solution (see my post on “Why Do We Want Data Classification?”), so that once you know what your data is, it is clearly labelled. This will enhance any security strategy and allow downstream technologies to easily apply more business-context-aware processes.
In order to mark your data with metadata tags and visual labels you first need to know what it is. For this reason (you can probably see where I am going here) we regularly see DatAdvantage and Data Classification projects running alongside each other. Data Classification not only involves classifying all new data that is created; it can also be used to inject metadata tags into your legacy information to improve processes around identification, storage and handling, and to ensure appropriate protection.
HANDD have been overseeing such deployment projects for our customers for many years. In the last year alone, with the impending GDPR cut-off date looming, we have learnt even more from our growing customer base and thankfully been busier than ever before!
DatAdvantage also provides the ongoing monitoring and auditing of data access and permission changes required by GDPR. This makes it possible to ensure that data is only accessed by people who have express permission to carry out the intended purpose for which that data was collected (think GDPR!!). It also helps ensure that the data is stored in the correct location.
With such great insight into your data you can also help enforce a least privilege model, ensuring a level of security and protection for personal data “by design and by default”.
For anything relating to Data Classification or Data Discovery it is essential to engage an experienced partner. HANDD have deployed many of these solutions to global enterprise organisations and have been educating the market for more than 10 years. As trusted advisers and data security specialists for 45% of the FTSE 100, we are best positioned to give you truly independent advice and guidance on finding the right product to fit your business and technology requirements.
HANDD have a talented team of exceptional data security technical specialists with an unrivalled knowledge of these types of projects. Engaging our professional services team will ensure that your project runs smoothly from inception through to go live.
Written by Danny Maher
Danny Maher is Chief Technology Officer at HANDD Business Solutions, an independent specialist in global data security.