GDPR and the Need for a Smart Approach to Service Assurance
June 28, 2018

Michael Segal
NetScout

Share this

Following the introduction of the EU General Data Protection Regulation, or GDPR, on May 25 this year, organizations across the globe with customers and suppliers in the European Union have been working to ensure they are compliant, and bringing the subject of data projection to the front of everyone's mind.

It's little surprise that network security and information assurance are key to complying with the GDPR; the regulation includes a requirement for measures to be put in place that will mitigate the risk associated with assuring the availability and integrity of an organization's information in the event of an attack or outage, for example.

Article 32 is concerned with confidentiality, integrity, availability and resilience of processing systems and data, and with the speed at which availability and access to personal data can be restored in the event of downtime resulting for a breach or network outage. Of course, as the information protected by the GDPR and other similar regulations constantly traverses the network, it's important to assure its availability, reliability and responsiveness. Indeed, not only is this important for regulatory compliance, it should be high on the list of priorities for any business.

Given the size and complexity of today's IT networks, however, it can be almost impossible to detect just when and where a security breach or network failure might occur. It's critical, therefore, that businesses have complete visibility over their IT networks, and any applications and services that run on those networks, in order to protect their customers' information, assure uninterrupted service delivery and, of course, comply with the GDPR.

Insight and Intelligence

The volume of data being produced has exploded in recent years and this is only set to continue, with analysts predicting a tenfold increase within the next decade, 60 percent of which will be generated by enterprises.

Much of this will comprise what the GDPR, and other regulations such as PCI-DSS and HIPAA, define as personal data: the personal email addresses, phone numbers, IP addresses and credit card information that may be collected and recorded by a business. For compliance purposes, it's important that networking teams are able to understand how this data traverses their organization's networks, the paths it will take and where it will be stored.

Keeping track of this information requires full visibility across the entire network, including data centers, applications and the cloud. To comply with regulatory requirements around the processing of data, as well as for service and security assurance, businesses should consider a smart approach to the way they handle data. Such an approach would involve monitoring all "wire data" information, that is every action and transaction that traverses an organization's service delivery infrastructure, and continuously analyzing it and compressing it into metadata at its source. This "smart data" is normalized, organized, and structured in a service and security contextual fashion in real time. The inherent intelligence of the metadata enables analytics tools to clearly understand application performance, infrastructure complexities, service dependencies and, importantly for GDPR compliance, any threats or anomalies.

Essentially, continuous monitoring of this wire data means that businesses can have access to contextualized data that will provide them with the real-time, actionable insights they need for assurance of effective, resilient and secure infrastructure, crucial for complying with the GDPR, not to mention for much of modern business activity.

More at Stake than Ever

The recent implementation of the GDPR means that any organization that processes the personal data of UK citizens, regardless of where in the world that organization is located, is now within the scope of the law. Much has been written over the past year on the eye-watering financial penalties that could be imposed on any company found to be neglectful in fulfilling its duty to protect the privacy of that data. The privacy and protection of personal data have always been considerations for a business, but with the prospect of facing fines of up to €20 million or four percent of annual turnover, there is more at stake for businesses than ever before.

With robust protection in place, and with visibility, insight and intelligence delivering assurance of complete network availability, businesses across the world breathe a little easier that the reliability of their networks, and of the applications that run on those networks, meet the requirements of the GDPR.

Michael Segal is VP of Strategy at NetScout
Share this

The Latest

October 20, 2020

Although cost control/expense management remains top of mind, organizations are realizing the necessity of technology solutions to enable them to steer the business during these turbulent times, according to IDG's CIO Pandemic Business Impact Study ...

October 19, 2020

The COVID-19 pandemic has compressed six years of modernization projects into 6 months. According to a recent report, IT leaders have accelerated projects aimed at increasing productivity and business agility, improving application performance and end-user experience, and driving additional revenue through existing channels ...

October 15, 2020

There is no doubt that automation has become the key aspect of modern IT management. The end-user computing market is no exception. With a large and complex technology stack and a huge number of applications, EUC specialists need to handle an ever-increasing number of changes at an ever-increasing rate. Many IT organizations are starting to realize that they can no longer control the flow of changes. It is time to think about how to facilitate change ...

October 14, 2020

Starting this September, the lifespan of an SSL/TLS certificate has been limited to 398 days, a reduction from the previous maximum certificate lifetime of 825 days. With this change, everyone needs to more carefully monitor SSL certificate expiration and server characteristics ...

October 13, 2020

Nearly 6 in 10 responding organizations have accelerated their digital transformations due to the COVID-19 pandemic, according to The IBM Institute for Business Value study COVID-19 and the Future of Business ...

October 08, 2020

Two-thirds (67%) of those surveyed expect the sheer quantity of data to grow nearly five times by 2025, according to a new report from Splunk: The Data Age Is Here. Are You Ready? ...

October 07, 2020

Gaming introduced the world to a whole new range of experiences through augmented reality (AR) and virtual reality (VR). And consumers are really catching on. To unlock the potential of these platforms, enterprises must ensure massive amounts of data can be transferred quickly and reliably to ensure an acceptable quality of experience. As such, this means that enterprises will need to turn to a 5G infrastructure powered by an adaptive network ...

October 06, 2020

A distributed, remote workforce is the new business reality. How can businesses keep operations going smoothly and quickly resolve issues when IT staff is in San Jose, employee A is working remotely in Denver at their home and employee B is a salesperson still doing some road traveling? The key is an IT architecture that promotes and supports "self-healing" at the endpoint to take care of issues before they impact employees. The essential element to achieve this is hyper-automation ...

October 05, 2020

In Episode 10, Prem Naraindas, CEO of Katonic.ai, joins the AI+ITOPS Podcast to discuss how emerging technologies can make life better for ITOps ...

October 02, 2020

Sean McDermott on the AI+ITOPS Podcast: "AIOps is really about the processing of vast amounts of data and the ability to move into a more analytical, prescriptive and automated methodology."