GDPR-60: Are You Ready?

A Catch-up Plan for Technical Controls

In under 60 days, the GDPR officially takes effect in the EU, and it will impact companies well beyond Europe’s borders. As a reminder, on May 25 the GDPR replaces the EU’s existing privacy regulation, and in a nutshell, data protection is now by design and by default. And “data” includes both personal and professional information. A major point is the ‘right to be forgotten,’ and some of the controversies around Google and Facebook are a result of this intent.

By now, organizations should have a well-developed implementation plan in place, including the assignment of a Data Protection Officer and coordination across all impacted business functions. The issue is that this planning is not universal; in fact, many US companies don’t realize their exposure. In a recent study, less than 25% of US firms considered themselves to be GDPR-ready. That is not a good place to be, given that a just-released ESG survey shows GDPR-subject data as the most widely deployed data type in the cloud.


Digging further, the GDPR defines three elements of compliance – people, process, and technology. Cavirin can’t directly address the first two, but we can help with plugging holes in the third. In a four-phase process of discover, manage, protect, and report, the third phase – protect – closely aligns with Cavirin’s capabilities. We’ve created a policy framework that helps to automate the following across cloud providers and operating systems:

  • Auditing Personal Data Processing Systems: Ensure that all user and admin activities in personal data processing systems are traceable at all times.
  • Monitoring Personal Data Processing Systems: Ensure they are safe from software vulnerabilities.
  • Personal Data Access Controls: Ensure that access to systems storing or processing personal data is restricted to only the users or programs that need it.
  • Personal Data Security Controls: Monitor configuration settings for systems storing or processing personal data to prevent breaches and disclosure.
  • Personal Data Transfer Security: Monitor usage of encryption and network configuration to detect and/or prevent unauthorized transfers of personal data.

So how do you get started? In under 30 minutes (really), you can deploy the solution on-premise or within your public cloud provider. Deep discovery of the critical workloads you identified above then commences, and in a short amount of time you’ll have actionable reports that identify your top risks. The assessment delivers remediation guidance, and even for the largest of infrastructures you’ll have plenty of time to take action before the deadline. But don’t stop there! Configure the platform for continuous assessment, so that if the configuration of any of your servers changes, or new ones are added, you’ll be notified immediately and can then take action.

Download the linked infographic for more on the above!  And listen to the on-demand webinar for further information on putting your own plan in place for GDPR enforcement day, May 25th, 2018.



© 2019 Cavirin Systems, Inc. All rights reserved.