Merritt Maxim, Principal Analyst, Forrester. Martijn Loderus, Director & Global Practice Partner for Advisory Consulting, Janrain.

Transcription:

Merritt Maxim, Principal Analyst, Forrester. Martijn Loderus, Director & Global Practice Partner for Advisory Consulting, Janrain.

Merritt and Martijn will share insights on:
- Digital Transformation & Drivers
- Global Privacy and Security Standards: GDPR & Investment Trends
- Customer Identity Access Management Trends

Digital Transformation Trends

What is driving digital transformation? Source: https://www.forrester.com/report/your+digital+transformation+is+not+bold+enough+five+signs+of+trouble+and+key+fixes/-/e-res137950. 2017 FORRESTER. REPRODUCTION PROHIBITED.

The Five Areas Of Change Needed For Successful Digital Transformation. Source: https://www.forrester.com/report/your+digital+transformation+is+not+bold+enough+five+signs+of+trouble+and+key+fixes/-/e-res137950

The Three Fundamental Components Of Zero Trust In Digital Transformation. Source: https://www.forrester.com/report/futureproof+your+digital+business+with+zero+trust+security/-/e-res137483

Identity drives Digital Transformations: Identity Innovation and Acceleration (BUSINESS IMPACT / IDENTITY)
- MARKETING: Markets, Industries, Market Segments, Channels. Models: Journey maps and lifecycles, Customer storyboards and personas, Learning maps, Motivation models.
- SERVICE: Customer Relationships, Value Propositions, Offering: Service/Products. Models: Value maps, Product and offering maps, Design models.
- OPERATIONS: Processes/Value Chains, Capabilities, Business Service Functions, Data, Applications, Technology. Models: Value chain analysis, Cross functional models, Capability/business anchor models, Process models, Application models, Data and information models, Technology models.

Transformation In Customer Engagements: from single touch to multi touch.
- Product Centric: Product and Sales Objectives; Channels; Offers; Customer Segments; Customers; Product, Promotion, Price.
- Customer Centric: Customer Insights; Channels; Preferences; Response; Differentiated Value Propositions.
- One-Way Monolog vs. Continuous Dialog
- Product Focused vs. Customer Relations Focused
- Campaign Oriented vs. Value Based Management

Recent Global Privacy and Security Standards: General Data Protection Regulation (GDPR) Trends

GDPR: Key Challenges
- Business: Consent required for data that is collected; Strong breach notification; Data can only be used for the purpose it was collected.
- Technical: Must support the right to be forgotten; IP address can be PII; Data has to be available.

Data Subject Rights: Access; Objection; Portability; Restriction; Erasure; Profiling/automated decisions.

GDPR Key Principles: 1. Lawful basis for each processing activity
- Consent: freely given, specific, informed and unambiguous consent to the purpose (can be gained with informed checking of a box or a click)
- Necessary to enter into or perform a contract
- Necessary for compliance with an EU or member state legal obligation
- Legitimate interests, set out in the privacy statement/notice: processing for direct marketing (subject to objections); processing to prevent fraud; processing to ensure network security
- Additional bases by member states connected with national law or related to the public interest

GDPR Key Principles: 2. Consent and purpose limitation
- Separate consent is required for each different processing purpose.
- Further processing is permitted as compatible with the original purpose under certain circumstances/protections. (See Art. 6(4) for factors to consider in determining compatibility.)
- Data minimization, accuracy, and retention limitation: take only the personal data needed to meet the permitted purpose and keep it only for as long as that purpose requires.
- Transparency: clear, concise, and timely notice, including retention periods.
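The purpose-limitation, minimization and retention rules above translate directly into access-control logic in a CIAM platform. The following is an added example, not code from the deck, Forrester or Janrain: a small consent ledger where consent is recorded per subject and per purpose with its own retention period, processing is refused unless an active consent exists for exactly the requested purpose, each purpose is restricted to the fields it needs, and expired or withdrawn purposes are surfaced for deletion. The purpose-to-field map and the subject data are constructed for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Set

# Hypothetical purpose -> allowed fields map (data minimization). Constructed for
# this example; a real deployment derives it from its records of processing.
PURPOSE_FIELDS: Dict[str, Set[str]] = {
    "order_fulfilment": {"name", "shipping_address", "email"},
    "direct_marketing": {"email", "preferences"},
    "fraud_prevention": {"email", "ip_address", "device_id"},
}


@dataclass
class Consent:
    purpose: str
    granted_at: datetime
    retention: timedelta                 # retention limit for this purpose
    withdrawn_at: Optional[datetime] = None

    def active(self, now: datetime) -> bool:
        """Consent is usable until it is withdrawn or its retention period lapses."""
        if self.withdrawn_at is not None and self.withdrawn_at <= now:
            return False
        return now < self.granted_at + self.retention


class ConsentLedger:
    """Per-subject, per-purpose consent records with retention limits."""

    def __init__(self) -> None:
        self._consents: Dict[str, Dict[str, Consent]] = {}

    def grant(self, subject: str, purpose: str, now: datetime, retention: timedelta) -> None:
        if purpose not in PURPOSE_FIELDS:
            raise ValueError(f"unknown purpose: {purpose}")
        self._consents.setdefault(subject, {})[purpose] = Consent(purpose, now, retention)

    def withdraw(self, subject: str, purpose: str, now: datetime) -> None:
        consent = self._consents.get(subject, {}).get(purpose)
        if consent is not None:
            consent.withdrawn_at = now

    def can_process(self, subject: str, purpose: str, now: datetime) -> bool:
        # Consent for one purpose never authorizes processing for another purpose.
        consent = self._consents.get(subject, {}).get(purpose)
        return consent is not None and consent.active(now)

    def expired_purposes(self, subject: str, now: datetime) -> List[str]:
        """Purposes whose data must now be deleted (withdrawn or past retention)."""
        return sorted(p for p, c in self._consents.get(subject, {}).items()
                      if not c.active(now))


def minimize(record: Dict[str, str], purpose: str) -> Dict[str, str]:
    """Return only the fields the purpose is permitted to use."""
    allowed = PURPOSE_FIELDS[purpose]
    return {k: v for k, v in record.items() if k in allowed}


def process(ledger: ConsentLedger, subject: str, purpose: str,
            record: Dict[str, str], now: datetime) -> Optional[Dict[str, str]]:
    """Gate processing on purpose-specific consent, then minimize the record."""
    if not ledger.can_process(subject, purpose, now):
        return None
    return minimize(record, purpose)


def demo() -> dict:
    """Walk through grant, cross-purpose refusal, withdrawal and expiry."""
    now = datetime(2018, 5, 25, tzinfo=timezone.utc)
    ledger = ConsentLedger()
    ledger.grant("alice", "order_fulfilment", now, timedelta(days=30))
    ledger.grant("alice", "direct_marketing", now, timedelta(days=365))
    # Constructed subject record; more fields than any single purpose needs.
    record = {"name": "Alice", "shipping_address": "1 Example St", "email": "a@example.test",
              "ip_address": "192.0.2.10", "preferences": "weekly"}
    results = {}
    results["fulfilment_fields"] = sorted(process(ledger, "alice", "order_fulfilment", record, now))
    results["marketing_fields"] = sorted(process(ledger, "alice", "direct_marketing", record, now))
    # No consent was given for fraud prevention, so the other consents do not carry over.
    results["fraud_without_consent"] = process(ledger, "alice", "fraud_prevention", record, now)
    ledger.withdraw("alice", "direct_marketing", now + timedelta(days=1))
    results["marketing_after_withdrawal"] = process(
        ledger, "alice", "direct_marketing", record, now + timedelta(days=2))
    # After 31 days the fulfilment consent has also passed its retention limit.
    results["to_delete_after_31_days"] = ledger.expired_purposes("alice", now + timedelta(days=31))
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The design point is that consent is keyed on (subject, purpose), never on the subject alone, so a marketing opt-in cannot silently become a fraud-scoring input; the retention limit lives on the consent record itself, which gives the deletion job a single place to look.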

GDPR Key Principles: 3. Personal Data Breach Notification
- Required for a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
- Processor must notify Controller.
- Controller to notify the supervisory authority generally within 72 hours after having become aware of it, if there is risk to data subjects. Notice is not required if the personal data breach is unlikely to result in a risk to affected data subjects (such as if the data is encrypted). Article 33(1).
- Controller to notify affected data subjects without undue delay if the controller determines the breach is likely to result in a high risk to the rights and freedoms of individuals. Article 34.

GDPR requires a cross-functional approach. Source: https://www.forrester.com/report/identify+companywide+roles+and+responsibilities+to+support+your+gdpr+compliance+efforts/-/e-res138191?

GDPR Budgets & Priorities. Source: https://www.forrester.com/report/assess+your+data+privacy+practices+with+the+forrester+privacy+and+gdpr+maturity+model/-/e-res122836?

GDPR Obligations And Data Governance Impact: Building A Culture Of Privacy

Obligation: Organizational alignment
Description: Companies must assign a data protection officer (DPO) with appropriate resources and authority when they engage in regular and systematic monitoring of data subjects on a large scale or where their core activities consist of processing special categories of personal data.
Data governance impact: Implement a privacy management process. Enable privacy audits for regulators, including GDPR lineage (controller and processor lineage). Publish the privacy audit for data buyers.

Obligation: Data protection by design
Description: Organizations must build the concept of privacy into the fabric of their data practices and their information platform architectures. Companies must manage transparency, lawfulness, data minimization, and data quality at each stage of the data life cycle. The GDPR discusses a code of conduct as a mechanism for formalizing practices.
Data governance impact: Establish data flow lineage along the data life cycle. Create dashboards for the CIO, DPO, and chief data officer to demonstrate data protection (security and transparency) for private data. Provide data protection auditing guidance to diminish the costs of such audits. Centralize the management of private data security policies executed in many apps. Deploy these policies in the execution platforms (ECM, ecommerce, and cloud platforms).

Obligation: Risk management
Description: The GDPR states that organizations need to implement technical and organizational measures to ensure a level of security appropriate to risk.
Data governance impact: Estimate enterprise impact or risks of managing customer private data. Manage the evolution of impact assessment best practices from industry consortiums.

Source: https://www.forrester.com/report/enhance+your+data+governance+to+meet+new+privacy+mandates/-/e-res135462

Customer Identity Access Management Market Trends

Trends affecting the identity landscape: Analytics; Mobile; Security; Personalized Customer Journey; Cloud; Passwordless; Internet of Things; Social.

Customer Identity Trends (Enterprise, Consumer, ID Market Signaling):
- Dynamic ID Based Content
- BYOI
- Capability: IAM - CIAM Blending
- IT Admin
- Data Subject Rights Compliance
- Data Scientist: Fraud Scoring
- Increased Complexity
- Granular Controls
- Policy based Automation
- Increased Self Service
- Data Controls
- Increased Intimacy
- Network Aware
- Digital Fingerprinting
- Siri / Alexa interoperability

Customer Interaction Fatigue: overcome fatigue to ensure customer engagement. Registration Fatigue; Login Fatigue; Password Fatigue; Over-communication Fatigue.

Cyberattacks are a board-level concern
- Companies do not want their breach to appear on CNN.
- Security is shifting from a director/VP/CISO/CIO IT problem to a CEO problem.
- Data protection is a key concern.
- Mobile and IoT present new challenges.
- BYOD/user-owned devices are here to stay.

CISOs are dealing with a range of IT security initiatives. Survey question: Which of the following initiatives are likely to be your firm's/organization's top information/IT security priorities over the next 12 months? (Chart residue; the per-item percentages could not be reliably paired with the items below.)
- Improving security monitoring capabilities
- Improving advanced threat intelligence capabilities
- Improving application security capabilities and services
- Leveraging cloud-based or managed security services
- Enhancing business continuity/disaster recovery capabilities
- Improving mobile security capabilities and services
- Achieving and/or maintaining regulatory compliance
- Improve incident response and forensics capabilities
- Creating a Security Operations Center
- Securing Internet of Things (IoT)/M2M within the enterprise
- Establishing and/or enhancing ediscovery practices
- Improving the security of customer-facing services and (truncated on the page)
- Complying with security requirements placed upon us by (truncated on the page)
- Ensuring business partners/third parties comply with our (truncated on the page)
- Establishing or implementing a formal technology/IT risk (truncated on the page)
- Rolling out effective security training and awareness for (truncated on the page)
Share rating an initiative Critical or High Priority (4,5): 66%, 66%, 66%, 66%, 65%, 65%, 65%, 65%, 65%, 63%, 62%, 61%, 59%, 59%, 58%; Other 69%. Remainder: 34%, 34%, 34%, 34%, 35%, 35%, 35%, 35%, 35%, 37%, 38%, 39%, 41%, 41%, 42%; Other 31%.
Base: 2,314 security technology decision-makers. Source: Forrester's Global Business Technographics Security Survey, 2016.


The Enterprise Security Team Is Taking On More Customer Risk, And CIAM Can Help. Survey question: Which of the following activities are you and your team actively working on? Where can CIAM help?
- Ensuring the security and privacy of customer data sold/exchanged to partners
- Identifying new sources of data-driven revenue
- Protecting data warehouses and other data repositories typically used in customer intelligence
- Embedding security into your organization's end products or services
- Enabling rapid adoption of new technologies and/or services to help acquire and maintain customers
- Responding to breaches of customer PII in a responsible and timely way
- Developing secure customer-facing mobile and web applications
- API management and security
- Managing the risks around social media engagement
- Protecting our customers' personal information from privacy abuses
- Authenticating customers across channels
- Protecting our customers' personal information from cybercriminals and fraudsters
Base: 1,543 to 1,550 security decision-makers responsible for security activities (1,000+ employees). Source: Forrester's Global Business Technographics Security Survey, 2015 & 2016.


Consumer privacy concerns, 2016 vs. 2017 (chart residue; statements and values shown, but the pairing of values to statements and years could not be recovered):
- My mobile/online behavior could be tracked
- My data could be permanently recorded and accessible to anyone
- I do not understand who could have access to my data
Values shown: 61%, 52%, 58%, 65%, 45%, 52%.
Base: 33,471 online adults. Source: Consumer Technographics North American Online Benchmark Surveys (Part 2), 2016 and 2017.

Concerns about personal data privacy and security when using social media to access other sites increase for consumers: 40% (2015), 43% (2016), 45% (2017).
Base: 4,505 to 4,636 online adults. Source: Forrester Data Consumer Technographics Technology, Media, and Telecom Survey, 2016 & 2017 (US); Forrester Data Consumer Technographics Consumer Technology Survey, 2015 (US).

Customer Identity Access Management Recommendations
- Know your customer a bit before you select and deploy a solution
- Balance usability with security
- Plan for scale
- Plan for multichannel

Your End-Goal: Move users from anonymous to known/verified identities over time in an unobtrusive manner.

Questions?

Thank you. Merritt Maxim, mmaxim@forrester.com, @merrittmaxim. Martijn Loderus, martijn.loderus@janrain.com.