In our earlier blogs, we highlighted some of the important takeaways from our GDPR event on May 18th in Edegem. But one of the most important messages conveyed on that day was the importance of protecting your data if you want to become and stay GDPR-compliant. The importance of security can hardly be overestimated in that context, but encrypting your data may prove a very valuable contribution as well.
The deadline for GDPR has crossed the psychological ‘less than a year’ barrier, and organizations’ awareness and concern are growing almost by the day. The previous blogs have focused on the respective responsibilities, including the obligation to notify when a data breach has occurred. But it is of course easier when no breach has occurred at all. That’s where the importance of security arises: if you manage to keep (almost) all hackers away from your data, there will be nothing to declare at all.
KNOW YOUR ENEMY
Of course we all know that it is virtually impossible to prevent data breaches from happening at all. But if you want to provide the best possible security for your specific environment, it is essential that you know who you’re protecting your data from, warned Erik De Jong, CRO at security vendor Fox-IT:
“Compare it to security in real life: if you’re worried about spies, you need to build your fence higher than if you’re just keeping ordinary criminals out, but your gate may not require the biggest lock. For your digital infrastructure, you should identify your biggest threat as well and provide the best security accordingly. Bear in mind that your biggest threat can also be a disgruntled employee, so building the biggest firewall might turn out to be the biggest mistake.” (Erik de Jong, Fox-IT)
WHAT ARE WE TO DO?
Even if you know that you may suffer a data breach sooner or later, you’re still required to take a reasonable amount of precautions to protect your infrastructure. Additionally, you should invest in the necessary tools to detect a breach as soon as possible, in order to prevent the damage, and in tools to log the damage that has been done, because you will have to provide a detailed report to the authorities. “This logging tool is very important”, said Erik De Jong, “because it is difficult to assess the damage afterwards: what has been stolen will not appear in the list of remaining data.”
One other means to minimize the impact of a data breach is to encrypt your most valuable data, added Jan Smets, pre-sales manager at Gemalto: “If you understand that perimeter security will never completely safeguard your environment, you can look at data as the new perimeter. By attaching security to the data and applications, you define a whole new level of security.”
Does this mean data cannot be stolen anymore? Not at all, answered Jan Smets:
“Breaches will still occur, but even when data have been copied or stolen, the cybercriminal will not be able to exploit these data because they don’t have access to the encryption key. This is a very reassuring thought: if you know your data cannot be exposed or abused, you have no duty to report the incident to the data subjects, and can confine yourself to merely reporting the breach.” (Jan Smets, Gemalto)
An authentication solution can provide this encryption for sensitive data. It can additionally manage access to these data: only people who are entitled to view or modify the data will have access to them. “This is an affordable alternative to building firewall upon anti-malware solution, which does not prevent breaches from occurring, but does add to minimizing the impact of a breach.”