Like any budding relationship, there is always a period of trial and error. Expectations are set high, and intentions are meant to meet them, but mistakes can happen. There are lessons to be learned in the fumbles and hopefully a way to improve! As the EU embarked on a new relationship with the GDPR (General Data Protection Regulation) Council, new regulations were firmly implemented on May 25th, 2018. Companies across Europe had to find new ways of working while better managing their data privacy. It’s no secret that organizations globally are moving to the cloud, so how can they manage their customer data and stay compliant seamlessly? On the inaugural anniversary of GDPR, what lessons have we learned? And can organizations find harmony between data protection and operating in an increasingly cloud-based business world?
Let’s Recap. What is GDPR?
The main tenets of GDPR include: data consent, mandatory data privacy assessments, data breach notifications, stronger user rights, the need for a Data Protection Officer, and privacy by design as a part of the company’s core processes, procedures and policies. But first, what is the difference between data privacy and data protection? Data privacy laws seek to protect people’s rights over how their personal data is collected and shared. Data protection is the broader security issue: the controls placed around how data is collected, stored, disclosed and disposed of. One way of making sure that your company is enforcing its highest security practices and staying GDPR compliant at the same time is to adopt an Access Management and Authentication platform. But more on that in a moment…
A Break(up) in Compliancy
Before we look at some ways to introduce solutions to the complex topic of compliancy, let’s take a look at some of the unfortunate violations over the last year. To say the amnesty period is over would be an understatement. There have been several high-profile cases of companies that have been hit with hefty fines for violating various aspects of GDPR. “New regulations aim to hold organizations and their executives more accountable in the protection of information assets and IT infrastructure. Communication is key to any successful relationship and sweeping data breach notifications under the rug has proven to be a very risky security strategy. It has been reported there have been nearly 60,000 data breach notifications in the last year with 91 fines applied to them. Most notably, the French data regulator (CNIL) issued the largest GDPR fine so far—US $57 million (€50 million). Similar regulations, such as the California Consumer Privacy Act (CCPA), impose smaller fines (US$7,500 per violation) but highlight the increasing regulatory risks for businesses globally.”
The reality is that cybercrime is here to stay. Malware attacks have only risen over the last three years. Corporations will have to change their way of thinking and spend more time investing in cybersecurity in order to offset the costs of data loss and the fines that accompany them. As any attractive CISO (Chief Information Security Officer) knows, the loss is not only monetary, but goes hand in hand with the reputation and credibility of the company. The trend of phishing attacks on individual employees who are part of a larger organization poses a growing threat. But there are ways to make sure that your company’s data, and in turn your end users’ data, is secure.
How Access Management Can Positively Impact Your Business and Solidify Your Compliancy
So how do you marry the idea of a GDPR compliant organization with more and more user identities being distributed among cloud applications? You introduce a central access management strategy! This approach will allow you to prevent the following:
Being increasingly vulnerable to data breaches arising from compromised identities
IT administration overhead costs due to inefficient identity management procedures
User productivity dropping due to password fatigue and password resets
Lack of visibility into cloud access events impeding regulatory compliance
Having a cloud access management solution addresses these challenges, and enables secure cloud adoption in the enterprise through several key functionalities:
Simplified cloud access with smart single sign on (cloud SSO)
Optimized security with granular access policies
Scalability enabled by centralized management
And importantly, improved compliance through visibility into cloud access events
Thales offers SafeNet Trusted Access as a cloud-based access management service that combines the convenience of cloud and web single sign-on (SSO) with granular access security. By validating identities, enforcing access policies and applying Smart Single Sign-On, organizations can ensure secure, convenient access to numerous cloud applications from one easy-to-navigate console.
Among the many benefits SafeNet Trusted Access offers, you gain visibility into all users’ access events for simplified compliance, secured access for partners and contractors, as well as Identity as a Service efficiencies.
In the end, GDPR compliancy goes hand in hand with making sure your company performs at its most protected. Embracing an access management service to flawlessly handle the complexity of GDPR will allow your organization and your end users to securely share data in the cloud and live happily ever after!
Information in this blog has been taken from:
*** This is a Security Bloggers Network syndicated blog from Enterprise Security – Gemalto blog authored by Ashley Adams. Read the original post at: https://blog.gemalto.com/security/2019/06/04/one-year-later-finding-harmony-between-gdpr-and-the-cloud/