CLOUDTWEAKS CONTRIBUTOR PROGRAM

Join the CloudTweaks thought leadership contributor program which includes a customized profile, branded identity page, newsletter marketing, social amplification and more...

The program is currently available to consultants, influencers or executive level contributors.

Ruvi Kitov

GDPR Compliance: A Network Perspective

GDPR Compliance

Regulations can be a tricky thing. For the most part, they’re well thought out in terms of mandating actions that a company can or cannot take – they do a really good job of telling us what we must do. Unfortunately, in many cases, that’s where they stop: figuring out exactly how to comply is up to each company.

In May 2018, the new General Data Protection Regulation (GDPR) will take effect, and this one falls squarely into that category. The thing about regulations, though – especially ones that carry real financial consequences, like GDPR – is that lack of direction is no excuse for non-compliance. In the case of GDPR, a failure to proactively address the stringent data protection and privacy requirements involved would be incredibly costly. It’s critical for organizations to start looking at how they’re going to protect sensitive data related to European citizens, and they need to have a plan for doing so mapped out soon.

What does that mean from a network security perspective? There are several steps that organizations will need to take to ensure data protection as a default setting across the network.

Know Your Data, and Where It Goes

Big Data Gives Insight to Consumer Trends

The first step is a critical one – enterprises need to understand where sensitive information resides. Many organizations already know which specific networks, sub-networks, databases, and applications collect and store certain types of sensitive data such as health records or financial information. However, there is no longer any discretion in terms of what data is classified as “sensitive.”

Whatever your old definition of sensitive data – it has to be rethought entirely. Under the GDPR, more types of data – contact information, genetic data, biometric data, and IP addresses, just to name a few – are now classified as sensitive. In order to ensure compliance, enterprises must take a fresh look at the types of data they store and process, and apply a much broader standard of sensitivity.

Unfortunately, determining which areas of the organization are storing or collecting sensitive data can be difficult. To do so, security and IT teams need to work together to survey the organization so that they can identify and document which applications are using personal information. Doing so will give you a clearer understanding of where this data comes from, and will help facilitate the process of mapping the areas of the network where this data is stored. Keep in mind, enterprises will be responsible for ensuring the security of data regardless of whether it’s stored on premise on your physical network or in the public cloud – the GDPR does not discriminate in this area.

Another benefit to mapping out where data is stored and used is that this process will help enterprises understand the extent of their shadow IT problem. Gartner estimates that, by 2020, one third of successful attacks experienced by enterprises will be on their shadow IT resources. Mapping out the data path will help organizations understand the extent of, and put an end to, undocumented applications or servers accessing and storing data.

Segmentation and Policy-Based Automation

Once you understand the applications that store and collect sensitive data, the next step is to make sure that only the appropriate zones or user groups have access to one another. This is where things like network segmentation and access rule review come into play and can have a critical role. With regulations as broad as GDPR, it’s possible that you’ll need to look at further iterations of segmentation – namely, micro-segmentation or even nano-segmentation. By creating role-specific zones, or even user-specific zones, enterprises can better enforce who has access to sensitive information. A key element to ensure a state of continuous GDPR compliance is to document the segmentation internally as a living reference. Having this unified security policy in place enables organizations to simplify the management of this process.

As any security professional understands, it’s not enough to create a one-time snapshot of your network, processes, policies, and exposure. The network is constantly changing as business needs evolve, so policy enforcement must be dynamic. Enterprises must perform regular audits of rules and rule changes to ensure that changes to their network are not affecting GDPR compliance. With so many moving parts, the process of examining, creating, and provisioning rule changes that comply with GDPR regulations can be cumbersome. Policy-based automation reduces the effort needed for compliance and avoids the errors associated with manual processes.

Enterprise networks are undergoing a major change. The transition to software-defined networks, public cloud adoption and the rise of DevOps have created a larger attack surface for networks along with a similar rise in complexity, creating more opportunities for human error and misconfigurations that can expose sensitive data. At the same time, regulations like GDPR are being put in place to create real financial incentives to ensure the protection of sensitive client data. When these regulations go into effect early next year, organizations that have adopted an automated, policy-based network segmentation approach will be in the best position to succeed in ensuring the safety of the data they are tasked with securing.

By Ruvi Kitov

Ruvi is the CEO and Co-Founder of Tufin, the leading provider of Security Policy Orchestration solutions. Since Tufin’s founding in 2005, Ruvi has led the company through successful growth and product development, quickly gaining more than 2,000 customers among the world’s largest enterprises; Tufin is recognized as a market leader with consistent revenue growth, resulting in top rankings in the Deloitte Technology Fast 50 and other awards.

Ruvi Kitov

Ruvi is the CEO and Co-Founder of Tufin, the leading provider of Security Policy Orchestration solutions. Since Tufin’s founding in 2005, Ruvi has led the company through successful growth and product development, quickly gaining more than 2,000 customers among the world’s largest enterprises; Tufin is recognized as a market leader with consistent revenue growth, resulting in top rankings in the Deloitte Technology Fast 50 and other awards.

View Website
The Lighter Side Of The Cloud - Information Highway
The Lighter Side Of The Cloud - Synchronization
The Lighter Side Of The Cloud - K.I.S.S
Cloud Communications Security: Whose Business Is It, Anyway?

Cloud Communications Security: Whose Business Is It, Anyway?

Cloud Communications Security Don’t count on cloud providers to provide all your UCaaS security It’s official: Unified Communications-as-a-Service (UCaaS) has ...
When it Comes to the Communications Cloud, You Cannot Manage What You Cannot Measure 

When it Comes to the Communications Cloud, You Cannot Manage What You Cannot Measure 

The Communications Cloud As more and more real-time communications – whether voice, messaging, video or collaboration – move to distributed software ...
Matthew Cleaver

Dispelling the Myths of Cloud Solutions for the Small Business

Dispelling the Myths of Cloud Solutions As a business leader, migrating to the cloud can be overwhelming due to the ...
GDPR Compliance: A Network Perspective

GDPR Compliance: A Network Perspective

GDPR Compliance Regulations can be a tricky thing. For the most part, they’re well thought out in terms of mandating ...
The Democratization of Business Software Technology

The Democratization of Business Software Technology

Democratization of Software Advances in the cloud have changed the way we interact with the world. From how we pay ...
Artificial Intelligence And The Future of Accounting

Artificial Intelligence And The Future of Accounting

The Future of AI Accounting Artificial intelligence has become an extremely hot topic over the last couple years. While many ...
Driving Transformation? It is possible to predict the future.

Driving Transformation? It is possible to predict the future.

Driving Transformation Previously, I wrote about the criticality of defining the Vision for your transformation - what is your real objective, how ...
Glassdoor’s 10 Highest Paying Tech Jobs Of 2018

Glassdoor’s 10 Highest Paying Tech Jobs Of 2018

Glassdoor is best known for its candid, honest reviews of employers written anonymously by employees. It is now common practice and a good idea for anyone considering a position with a new employer to check them out on Glassdoor first. With ...
Top 50 Cloud Hosting Services

Top 50 Cloud Hosting Services

The methodology behind our top 50 cloud list is based on several years of experience understanding and following who the key players are in the industry. Click to review the current top 50 and stay tuned for future discussion ...
real time hacking attacks

Live Real Time Hacking and Ransomware Tracking Maps Online

Real Time Hacking Attacks We've recently covered a few real time hacking maps but have decided to extend the list based on the recent ransomware activities with some additional real time hacking attack and ransomware tracking maps. Ransomware refers to malicious ...
Automate Service Management

[Free eBook] 150 Ways to Automate Service Management Throughout Your Organization…

Think about an IT Service Catalog as a supermarket of available services. Everyone in your company requests and delivers services from each other. From Human Resources and Marketing to Facilities and Procurement, each department is a service provider to the ...
Data Protection Officers

Free Linux Firewalls of 2018

A firewall is an important aspect of computer security these days, and most modern routers have one built in, which while helpful, can be difficult to configure. Fortunately there are also distributions (distros) of the free operating system Linux which ...
12 Promising Business Intelligence (BI) Services For Your Company

12 Promising Business Intelligence (BI) Services For Your Company

Business Intelligence (BI) Services Business Intelligence (BI) services have recently seen an explosion of innovation and choices for business owners and entrepreneurs. So many choices, in fact, that many companies aren’t sure which business intelligence company to use. To help ...