
Microsoft and Intel collaborate with BDO and IntraEdge to launch GDPR Edge

BDO USA and IntraEdge launched a blockchain-based solution called GDPR Edge, to support the General Data Protection Regulation (GDPR). This solution is being supported by Intel and Microsoft.

GDPR data protection rules will apply to all the businesses operating in the EU, even if they do not have any physical presence within the EU. Any company that stores or processes personal information about European citizens within or outside EU states will need to comply with GDPR.

The GDPR will be effective from 25th May 2018, and companies that miss the compliance deadline will be fined up to €20 million or 4% of annual revenue. GDPR Edge is a ready-to-deploy solution that can help companies operationalize some elements of compliance.

It has been designed especially for organizations with highly complex environments that have an enormous number of data sources, customer touch points, and multiple point-of-sale systems.

The new solution will integrate GDPR into business processes, mitigate risks and streamline compliance efforts on an ongoing basis. Organizations will be able to view all the transactional data at a centralized location, while providing an external consent mechanism to consumers.

GDPR Edge will allow the end-users to review their personal information collected by the organizations. They will be able to modify the information and even ask for removal.

“This centralized repository can be made available to data protection authorities, auditors and data governance professionals, as well as any other data collector or processor, meaning increased accountability, information transparency, accuracy, efficiency and auditability,” says Stephanie Giammarco, Partner and National Leader of BDO’s Technology and Business Transformation Services practice.

It will run on Intel Software Guard Extensions (SGX), and will be integrated with Azure cloud and Microsoft Business Intelligence offerings. The Intel SGX is an architecture extension which increases the security of application code and data.


Furthermore, GDPR Edge leverages the distributed ledger technology of Hyperledger Sawtooth to enable trusted governing parties and provide consumer access and transparency. BDO has contributed its data governance, privacy and auditing capabilities to the new solution.


Only 40% companies will meet GDPR compliance deadline: 2018 GDPR Compliance Report

The deadline for General Data Protection Regulation (GDPR) compliance is just three weeks away, and around 60% of the companies are likely to miss the deadline, as per the 2018 GDPR Compliance Report by Crowd Research Partners.

GDPR is a regulation that will require companies to protect the information and data of EU subjects, including companies that deal in any goods or services with EU citizens. First approved and adopted by the EU parliament in April 2016, it will come into effect on 25th May 2018.

With this, companies operating in European Union countries will need to comply with strict rules on the collection and usage of customer data, enforceable under the new GDPR law.

Here, the companies will need to implement strict data protection policies to safeguard the user data, like IP information, cookies, name, contact or address and ensure that it is not publicly available.

  • Only 40% companies will be GDPR compliant by deadline

In last year’s survey, it was found that only 5% of companies were in full compliance with GDPR. The number hasn’t improved much since then, with only 7% of companies indicating compliance readiness in the latest GDPR compliance survey.

According to the report, 33% of the companies expected to meet all the compliance requirements before the deadline.

32% of companies had started the compliance process but were not sure about meeting the deadline, whereas 28% had plans but hadn’t made any progress.

[Image: GDPR compliance preparedness]

  • Half of the companies quite familiar with GDPR

50% of the companies had either deep knowledge or were quite familiar with GDPR regulation. Whereas, one quarter of the companies knew some details about GDPR.

What’s shocking is that despite the publicity surrounding GDPR, 25% of the companies had either very limited knowledge or no knowledge at all.

[Image: GDPR compliance familiarity]

  • Majority of companies consider GDPR compliance a priority

Most of the companies (80%) considered GDPR compliance a top priority, with 34% counting it among top three priorities, and 46% counting it among a number of priorities.

Whereas, 20% of the companies were not even counting GDPR compliance a priority.

[Image: GDPR compliance priority]

  • Top GDPR Compliance challenges

The lack of expert staff (43%) and lack of budget (40%) were the primary challenges for companies to become GDPR compliant, revealed the survey.

The other significant challenges for GDPR compliance were limited understanding of regulations (31%), lack of necessary technology (23%), and lack of management support (20%).

[Image: GDPR compliance challenges]

  • GDPR compliance efforts will increase data governance budget

56% of the companies expected a rise in their data governance budget to tackle the GDPR compliance challenges. 39% of companies believed that it would neither increase nor decrease their budget, while only 5% expected a decline.

  • Majority of companies expect to make minor changes in security practices

The survey respondents cited cybercriminals (60%) and accidental loss by employees (57%) as the biggest threats to their organization’s data.

To become GDPR compliant, 28% of the companies said that they would need to make major changes to their security practices and systems.

A majority of companies (56%) expected minor changes, whereas 16% expected no change at all.

[Image: GDPR compliance changes]

  • Majority of companies to spend at least 500 staff hours this year on GDPR efforts

Around 77% of the companies said that they would need to spend at least 500 staff hours this year on GDPR compliance.

Whereas, 23% expected to spend more than 1000 hours this year on the GDPR compliance efforts.

[Image: GDPR compliance time and effort]

  • 63% companies will take more than two months (from survey date) to become GDPR compliant

A majority of companies (63%) said that they would need more than two months from the survey date to become GDPR compliant. 37% expected to spend at least two months more, whereas 14% will need more than 48 months.

For the comprehensive report, IT, cybersecurity and compliance professionals in the 400,000-member Information Security Community on LinkedIn were surveyed.

Images source: 2018 GDPR Compliance Report 


25% of businesses had their data stolen from public cloud: McAfee Study

One in four businesses experienced data theft from a public cloud, and one in five businesses experienced an advanced attack against their public cloud infrastructure, as per a report released by the cybersecurity firm McAfee.

The report, “Navigating a Cloudy Sky”, is based on a sample of 1400 IT personnel, and was released at the RSA Conference in San Francisco.

The report outlined the current cloud adoption state, concerns with the public and private cloud services, security implications in the cloud and the impact of unmanaged cloud usage.

It was found that inadequate visibility and control were the greatest challenges to cloud adoption in any organization. However, the business benefits of cloud and availability of modern cloud security tools outweighed any security concerns, helping it move ahead.

“Despite the clear prevalence of security incidents occurring in the cloud, enterprise cloud adoption is pressing on,” said Rajiv Gupta, senior vice president of the cloud security business unit at McAfee. “By implementing security measures that allow organizations to regain visibility and control of their data in the cloud, businesses can leverage the cloud to accelerate their business and improve the security of their data.”

Other findings of the report have been summarized here:

  • Rise in cloud adoption

McAfee found that the share of businesses that used public, private and hybrid cloud had increased from 93% to 97% in the last year. The rise in cloud adoption was significant on the hybrid cloud front.

Of the businesses who used any kind of cloud services, 88% of them stored sensitive data in the public cloud. 69% of the businesses trusted public cloud to keep their data safe. Whereas, 16% stated that they stored no sensitive data in the cloud.

61% of the businesses said that the most common sensitive data stored on the cloud was the personal information of their customers. 40% stored internal documentation, payment card details, personal staff information, and government identification data. Whereas, around 30% stored intellectual property, healthcare records, competitive intelligence and network pass cards in the cloud.

  • Malware attacks have increased

The highlight of the survey report was that one in every four businesses that used an IaaS, PaaS, or SaaS cloud service had their data stolen, and one in five had experienced an advanced attack against their public cloud infrastructure.

Furthermore, malware attacks against cloud applications rose from 52% to 56% over the course of one year. 25% of the businesses said that the malware was introduced into the cloud through phishing.

  • Decline in ‘shortage of cybersecurity skills’

The positives from the survey were that the ‘shortage of cybersecurity skills’ and its impact on the cloud adoption in the organizations had decreased.

The number of organizations who reported ‘no skills shortage’ increased from 15% to 24% in one year.

Of the organizations who reported ‘skills shortage’, only 40% reduced the rate of cloud adoption, compared to 49% last year.

  • GDPR to fuel cloud adoption

With the General Data Protection Regulation (GDPR) coming into effect next month, service providers will have to ramp up their compliance efforts. With better compliance and security in the cloud, businesses will be more confident about cloud adoption.

Fewer than 10% of businesses said that they might decrease their cloud investment because of GDPR.

Key takeaways – recommended security practices

  • Integration of development DevOps and DevSecOps within the business environments can improve the quality of coding and reduce the vulnerabilities.
  • Automation that brings together the human advantages and machine advantages is critical for modern IT operations. The use of tools like Chef and Puppet can be useful on this front.
  • The use of a unified management platform across multiple clouds, rather than multiple management tools for multiple clouds, can reduce costs and increase security.



Microsoft updates Microsoft 365 to meet GDPR compliance 

Microsoft announced a number of new information protection capabilities and updates to Microsoft 365, in response to GDPR which will come into effect after 25th May.

The GDPR (General Data Protection Regulation) is aimed at protecting and strengthening the data privacy of all the citizens of Europe, as well as reshaping the way organizations in Europe approach data privacy. Organizations found to be non-compliant after May 25th may face heavy fines.

It is the responsibility of an organization to meet all regulatory requirements when the data is on-premises. However, when the data is moved to the cloud, it becomes the responsibility of the Cloud Service Provider as well.

The updates in Microsoft 365 include general availability of Compliance Manager for Azure, Dynamics 365, and Office 365 Business and Enterprise subscribers. Compliance Manager, available in Preview since November 2017, enables organizations to perform ongoing risk assessments, and makes it transparent to customers how Microsoft protects their data.

Compliance Manager includes the Compliance Score feature, which gives organizations visibility into their compliance posture with a risk-based score for reference. It is available for Office 365 users.

Microsoft also announced general availability of the Azure Information Protection scanner, which enables users to automatically discover, classify, label, and protect documents in on-premises repositories like file servers and on-premises SharePoint servers.

The new intelligent compliance solutions in Microsoft 365 will help organizations protect sensitive data and support data protection in apps and across all cloud services. Organizations can configure it to periodically scan hybrid and on-premises repositories.

Additionally, Microsoft is previewing a consistent labeling schema experience, which will eliminate the need to create labels in two different places across information protection solutions in Microsoft 365.


Microsoft said that its new solutions will be helpful in efficiently managing compliance risks and in leveraging the cloud to identify, protect and monitor sensitive data to support GDPR compliance.