GDPR How to Comply in an HPE NonStop Environment. Steve Tcherchian GTUG Mai 2018

Similar documents
What You Need to Know About Addressing GDPR Data Subject Rights in Pivot

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

EU GDPR and . The complete text of the EU GDPR can be found at What is GDPR?

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

Cybersecurity Considerations for GDPR

WHITE PAPER. Meeting GDPR Challenges with Delphix. KuppingerCole Report

Technical Requirements of the GDPR

G DATA Whitepaper. The new EU General Data Protection Regulation - What businesses need to know

How the GDPR will impact your software delivery processes

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready?

Islam21c.com Data Protection and Privacy Policy

All you need to know and do to comply with the EU General Data Protection Regulation

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

Data Management and Security in the GDPR Era

Accelerate GDPR compliance with the Microsoft Cloud

ngenius Products in a GDPR Compliant Environment

Emergency Compliance DG Special Case DAMA INDIANA

GDPR: An Opportunity to Transform Your Security Operations

The GDPR Are you ready?

Privacy Policy. In this data protection declaration, we use, inter alia, the following terms:

GDPR: A QUICK OVERVIEW

IBM Security technology and services for GDPR programs GIULIA CALIARI SECURITY ARCHITECT

General Data Protection Regulation Frequently Asked Questions (FAQ) General Questions

EU General Data Protection Regulation (GDPR) Achieving compliance

Plan a Pragmatic Approach to the new EU Data Privacy Regulation

IMPACT OF INTERNATIONAL PRIVACY REGULATIONS. Michelle Caswell, Coalfire Julia Jacobson, K&L Gates

A Security Admin's Survival Guide to the GDPR.

GDPR COMPLIANCE REPORT

EventLog Analyzer. All you need to know and do to comply with the EU General Data Protection Regulation

Fabrizio Patriarca. Come creare valore dalla GDPR

Guide to Cyber Security Compliance with GDPR

General Data Protection Regulation (GDPR)

General Data. Protection Regulations MAY Martin Chapman Head of Ops & Sales Microminder. Presentation Micro Minder Ltd 2017

Vanderbilt Video Surveillance. EU General Data Protection Regulation A Compliance Guide

Our agenda. The basics

Martijn Loderus. Merritt Maxim. Principal Analyst Forrester. Director & Global Practice Partner for Advisory Consulting Janrain

General Data Protection Regulation (GDPR) Key Facts & FAQ s

GDPR Compliance. Clauses

What is GDPR? Editorial: The Guardian: August 7th, EU Charter of Fundamental Rights, 2000

the processing of personal data relating to him or her.

Data Protection Policy

SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT

Data Privacy and Protection GDPR Compliance for Databases

GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ

A Practical Look into GDPR for IT

Data Breaches and the EU GDPR

Google Cloud & the General Data Protection Regulation (GDPR)

GDPR: A technical perspective from Arkivum

ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION

ARBOR DDoS PRODUCTS IN A GDPR COMPLIANT ENVIRONMENT. Guidelines and Frequently Asked Questions

Privacy Policy CARGOWAYS Logistik & Transport GmbH

GDPR Controls and Netwrix Auditor Mapping

Getting ready for GDPR. Philipp Hobler EMEA Field CTO Global Technology Office Dell EMC Data Protection Solutions

EU General Data Protection Regulation A Compliance Guide

The Role of the Data Protection Officer

Data Processing Clauses

Understand & Prepare for EU GDPR Requirements

THE GDPR PCLOUD'S ROAD TO FULL COMPLIANCE

How IT security solutions can help meet the GDPR's Requirements with Ease

SCHOOL SUPPLIERS. What schools should be asking!

Arkadin Data protection & privacy white paper. Version May 2018

CipherCloud CASB+ Connector for ServiceNow

What the GDPR is and how to deal with it. Russell McDermott Sales Engineer +44 (0) x 2208

A Homeopath Registered Homeopath

Adtech and GDPR What to consider when choosing your partner

DEPARTMENT OF JUSTICE AND EQUALITY. Data Protection Policy

Sword vs. Shield: Using Forensics Pre-Breach in a GDPR World. September 20, 2017

Accelerate GDPR compliance with the Microsoft Cloud Agustín Corredera

Altitude Software. Data Protection Heading 2018

EU GDPR and Security Compliance for the DBA. Santa Clara, California April 23th 25th, 2018

GDPR. What is GDPR? GDPR is extraterritorial, meaning it applies to any company, processing EU resident data, irrespective of their location.

THE NEW EU DATA PROTECTION REGULATION: WHAT IS IT AND WHAT DO WE NEED TO DO? KALLIOPI SPYRIDAKI CHIEF PRIVACY STRATEGIST, EUROPE

A practical guide to using ScheduleOnce in a GDPR compliant manner

Knowing and Implementing the GDPR Part 3

EU - GDPR Solution Brief. New York GDPR Cybersecurity. EventTracker 8815 Centre Park Drive, Columbia MD 21045

General Data Protection Regulation: Knowing your data. Title. Prepared by: Paul Barks, Managing Consultant

First aid toolkit for the management of data breaches. Mary Deligianni Senior Associate 15 February 2018

This guide is for informational purposes only. Please do not treat it as a substitute of a professional legal

General Data Protection Regulation. May 25, 2018 DON T PANIC! PLAN!

GDPR Privacy Policy. The data protection policy of AlphaMed Press is based on the terms found in the GDPR.

Data Protection Policy

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

How icims Supports. Your Readiness for the European Union General Data Protection Regulation

Helping Address GDPR Compliance Using Oracle Security Solutions ORACLE WHITE PAPER SEPTEMBER 2017

Embedding GDPR into the SDLC. Sebastien Deleersnyder Siebe De Roovere

The GDPR and NIS Directive: Risk-based security measures and incident notification requirements

"PPS" is Private Practice Software as developed and produced by Rushcliff Ltd.

ZIMBRA & THE IMPACT OF GDPR

General Data Protection Regulation (GDPR) The impact of doing business in Asia

Privacy Policy Hafliger Films SpA

Getting personal with your customers and GDPR

Privacy Policy. Data Controller - the entity that determines the purposes, conditions and means of the processing of personal data

MiContact Center Business Important Product Information for Customer GDPR Compliance Initiatives

Privacy Policy Kühnreich & Meixner GmbH Kühnreich & Meixner GmbH Kühnreich & Meixner GmbH Kühnreich & Meixner GmbH 1. Definitions

Eco Web Hosting Security and Data Processing Agreement

GDPR drives compliance to top of security project list for 2018

Charting the Course to GDPR: Setting Sail

EXAM PREPARATION GUIDE

AIRMIC ENTERPRISE RISK MANAGEMENT FORUM

Transcription:

GDPR How to Comply in an HPE NonStop Environment Steve Tcherchian GTUG Mai 2018

Agenda About XYPRO What is GDPR Data Definitions Addressing GDPR Compliance on the HPE NonStop Slide 2

About XYPRO Inc. Magazine 2017 Award for Best Workplaces Solutions and expertise in NonStop cyber security, compliance, and database management XYGATE security solution suite Merlon NonStop database management solutions Background Founded in 1983 and based in California, USA Over 100 employees around the world Globally-based sales, support and services Strong partnership with HPE Acquired Merlon Software in March 2017 Slide 3

XYGATE and Merlon Solutions Comprehensive NonStop security and database management Security Intelligence Reduce Mean Time to Detection Data Protection Protect Your Data Identity & Access Management Manage Access to Information Secure Database Management Manage Data Effectively Audit & Compliance Leverage Audit Data Authentication & SSO Authenticate Securely Slide 4

Disclaimer This presentation is a commentary on the GDPR, as XYPRO interprets it, as of the date of publication. We ve spent a lot of time with GDPR and have been thoughtful about its intent and meaning. But the application of GDPR is highly fact-specific, and not all aspects and interpretations of GDPR are well prescribed. As a result, this presentation is provided for informational purposes only and should not be relied upon as legal advice or to determine how GDPR might apply to you and your organization. We encourage you to work with a legally qualified professional to discuss GDPR, how it applies specifically to your organization, and how best to ensure compliance. XYPRO MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN PRESENTATION. Slide 5

What is GDPR? GDPR enforcement begins 25 May 2018 General Data Protection Regulation European Union s new Data Protection Law Replaces the Data Protection Directive GDPR gives individuals greater control over their personal data and imposes many new obligations on organizations that collect, handle, or analyze personal data. The GDPR also gives national regulators new powers to impose significant fines on organizations that breach the law. XYPRO Technology All Rights Reserved Slide 6

Introduction to GDPR GDPR enforcement begins 25 May 2018 Tough Penalties - Fines up to 4% of global turnover Applies to EU and non-eu companies that collect and process personal data of subjects in the EU Breach notification within 72 hours Privacy by Design Right to be Forgotten, Data Portability Mandatory Data Protection Officers GDPR is NOT a directive. It will supersede national laws XYPRO Technology All Rights Reserved Slide 7

GDPR Personal Data Definition GDPR enforcement begins 25 May 2018 any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier Examples Name Identification Number (e.g. SSN) Location Data Online Identifiers Genetic Data Biometric Data XYPRO Technology All Rights Reserved Slide 8

GDPR Data Definitions GDPR enforcement begins 25 May 2018 Controller: a body which determines the purposes and means of the processing of personal data; Processor: a body which processes personal data on behalf of the controller. Processing: any set of operations which is performed on personal data such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Pseudonymisation: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information Filing system: any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis. XYPRO Technology All Rights Reserved Slide 9

GDPR Key Principles GDPR enforcement begins 25 May 2018 Transparency, fairness and lawfulness Limiting the processing of data to specified, explicit and legitimate purposes Minimizing the collection of data Ensuring accuracy Enabling data to be erased Limit the storage of data XYPRO Technology All Rights Reserved Slide 10

Current state of cyber security Mandiant M-Trends 2017Report 99+ Days 47% 84% 100% For organizations to discover a compromise Of organizations learn about breach from an external entity Of successful breaches compromise app vulnerabilities Had Firewalls, IPS, SIEMs and other solutions deployed in their environment Slide 11

Identifying threats is harder than ever Cyber security needs to adapt Attacker objectives and methods have changed Focusing on theft of user credentials Hackers spending 90% of their time on reconnaissance Using low and slow techniques Cyber crime affects every industry, every platform Attacks are coming from all sides Increase in data, connectivity and globalization Slide 12

NonStop Security Layers Slide 13

Article 32 Article 32 of the GDPR states the data controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. Further, Article 32 requires the data controller or data processor must take steps to ensure that any natural person with access to personal data does not process the data except on instruction of the controller, processor, European Union law, or member state law. This means ensuring proper authentication, access control, and identity management are in place to ensure a level of security appropriate to the risk. Slide 14 14

Authentication and Access Control XYGATE User Authentication (XUA) Flexible authentication processes Multi-factor authentication Note increased requirement with PCI 3.2 Single sign-on LDAP and Active Directory support Support for RSA SecurID and RADIUS XYGATE Access Control (XAC) Individual accountability Role-based access control Granular access control Keystroke logging Audit privileged user activity Slide 15

Article 32 continued Article 32 also references Security of processing: The controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including the pseudonymization and encryption of personal data; This boils down to encryption and masking of personal data. Encryption is supported on the HPE NonStop at most layers from network to data. Article 32 requires processors working with EU citizens personal data to use it. Slide 16 16

Article 33 Article 33 requires prompt breach notification: In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority. The processor shall notify the controller without undue delay after becoming aware of a personal data breach. Records of all activity that touch that data need to be collected and organized to make it possible to detect and report on all unauthorized access. For NonStop systems, this means audit everything associated with GDPR-defined personal data or as much possible to address the risk. Slide 17 17

Auditing and Alerting XYGATE Merged Audit (XMA) Single repository for audit data Audit and compliance reports Integration with SIEMs Plugins for BASE24 and BASE24-eps XYGATE Compliance PRO (XSW) PCI DSS, best practices, industry regulations and company policy Integrated compliance and analysis File and system integrity checks PCI reporting Slide 18

Monitoring with Compliance PRO Slide 19

XYGATE SecurityOne (XS1) Security intelligence and analytics Unified dashboard Intelligent integrity monitoring Compliance and risk management Machine learning Anomaly detection Correlation and context CLIM Risk Manager Slide 20

GDPR Compliance on HPE NonStop Understand your current data processing activities Assess your current compliance and identify gaps Prioritize remediation actions based on risk and resources Implement an actions plan Let XYPRO help Slide 21 24

Thank You! @SteveTcherchian steve@xypro.com Slide 22

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback