GDPR Compliance: Low Cost, Zero-Friction Action Items
George Gerchow is Chief Security Officer at Sumo Logic and Adjunct Honorary Lecturer at Cloud Academy. View the on-demand recording of our recent w...Learn More
With GDPR coming into force later this month, security and compliance will be the top-most priority for any cloud deployment that contains personal data of EU citizens.
While leading providers have moved to make their platforms and services compliant, ensuring compliance requires more than just technology. Companies will also need to invest time and resources to prepare internal cloud teams to correctly and effectively design secure, auditable, and traceable cloud solutions that also meet the demands of your business. Here are 4 steps to get your cloud deployments GDPR ready for compliance.
In the cloud, the entire security framework operates under a shared responsibility model between the provider and the customer.
From an infrastructure perspective, the cloud service provider is responsible for providing a secure cloud environment, from their physical presence to the underlying resources that provide compute, storage, database, and network services.
Customers who import data and utilize the provider’s services are responsible for using them to design and implement their own security mechanisms such as access control, firewalls (both at the instance and network levels), encryption, logging, and monitoring.
Under GDPR, both customers (as controllers who define how and why personal data is collected) and cloud providers (as processors who manage, process, or store personal data on behalf of the controller) must be compliant.
Enterprises should make sure that their cloud partners and any third party that processes, manages, or stores personal data of EU citizens on their behalf have the proper compliance and controls in place.
Personally identifiable information (PII) as defined by GDPR includes a range of data types, from names, email addresses, and phone numbers, to photos, genetic data, and IP addresses. But how much of the personal data that you store is actually required for your business?
GDPR is an opportunity to take a critical look at the types of data you collect and why. Use cloud services like AWS’s Amazon Macie to audit and assess the type of data currently in your data stores and determine which ones will be impacted by GDPR. Do they contain data that is outdated or personal data that is unnecessary for your business? Take this opportunity to redefine your processes for the type of data that you will collect going forward.
A cloud security breach is more than just the loss of data. Exposed S3 buckets and other high-profile breaches that left millions of pieces of PII exposed in 2017 could prove fatal for a business under the new regulations. Under GDPR, a breach that results in exposure of personal data could result in fines of up to 4% of annual turnover or €20 million.
GDPR is an opportunity for companies to implement broader, more comprehensive cloud security and data protection in your deployments at every level. Amazon Web Services, Microsoft Azure, and Google Cloud Platform each have a range of services in place to support your security and compliance requirements. These include:
A regulation as far-reaching as GDPR will impact your organization at the technology, process, and people levels. A shared understanding by your teams of the regulation and how it impacts your organization from the point of view of technology and the business will be an essential component of your compliance efforts.
A best practices approach will be key to get your cloud deployments GDPR ready and to prepare for any security and compliance challenges that your business will face.
Cloud Academy is proud to be a sponsor of AWS Summit London coming up May 9-10 at the ICC, ExCeL, London.Join us in booth S24, Level 1 where our AWS experts will be on hand to answer your questions and walk you through our latest content and newest platform features.Ask us about y...
Cloud is a pathway to innovation. Where yesterday’s cloud deployments were about moving an on-premises infrastructure in your data center to a cloud environment, companies today are using cloud platforms to build new features for their products and services that are integrated at a soft...
George Gerchow is Chief Security Officer at Sumo Logic and Adjunct Honorary Lecturer at Cloud Academy. View the on-demand recording of our recent webinar, Establishing a Privacy Program: GDPR Compliance & Beyond with Mr. Gerchow and Jen Brown, Data Protection Officer at Sumo Logic....