Are you ready for GDPR?

With just weeks to go until the General Data Protection Regulation (GDPR) becomes enforceable on May 25, most global companies are racing to prepare. They all want to avoid the substantial fines (up to four percent of revenue) and other penalties. But the benefits of good data privacy processes extend well beyond avoiding these fines and penalties. Having good privacy is essentially a commitment to your customers. It means your customers can trust you to treat their personal data appropriately. You protect the data while you have it, so your customers know they can trust you with their personal information.

One of the key requirements of GDPR calls for data controllers and data processors to safeguard customer information by implementing appropriate technical and organizational measures. This translates to microsegmenting the workloads that contain databases with customer information. The goal is to create a zero trust policy that allows only approved applications and connections to access the database. Everything else is blocked. Microsegmentation can’t be done with traditional network technology (switches, routers and firewalls), which ends up with millions of firewall rules based on IP addresses. A complementary approach that drives segmentation closer to the application, and closer to a (physical or virtual) server, can play a critical role in reducing the explosion of insider threats and the spread of lateral attacks. Only microsegmentation down to the workload/application can reduce the risk of an attacker moving from one compromised workload or application to another.

Microsegmentation gives administrators more useful ways to describe the workload. Instead of relying merely on IP addresses, administrators can describe the inherent characteristics of the workload and tie this information back to the security policy. It can answer questions like: What type of workload is this (web, app, or database)? What will this workload be used for (development, staging, or production)? What kinds of data will this workload be handling (low-sensitivity, financial, or personally identifiable information)? What’s more, microsegmentation allows administrators to combine these characteristics to define inherited policy attributes. For example, an application development workload handling financial data gets a certain level of security, but a production workload handling financial data gets an even higher level of security.
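The label-based, default-deny evaluation described above can be sketched in a few lines. This is an added example, not vArmour's code: the label values come from the text, while the numeric scoring, the ports, the allow list and the workload names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Workload:
    name: str
    role: str  # web, app, database
    env: str   # development, staging, production
    data: str  # low, financial, pii

# Hypothetical scoring: the labels come from the text, the numbers do not.
DATA_SCORE = {"low": 0, "financial": 2, "pii": 2}
ENV_SCORE = {"development": 0, "staging": 0, "production": 1}

def security_level(w: Workload) -> int:
    """Inherited level from combined labels: prod + financial > dev + financial."""
    return DATA_SCORE[w.data] + ENV_SCORE[w.env]

# Allow list keyed on labels, not IP addresses: (source role, dest role, port).
# The ports are assumed values.
ALLOW = {("web", "app", 8443), ("app", "database", 5432)}

def decide(src: Workload, dst: Workload, port: int) -> tuple[bool, str]:
    """Zero trust evaluation: a flow passes only if every check succeeds."""
    if (src.role, dst.role, port) not in ALLOW:
        return False, "default deny: no matching allow rule"
    if src.env != dst.env:
        return False, "blocked: source and destination environments differ"
    if security_level(src) < security_level(dst):
        return False, "blocked: source handles less sensitive data than destination"
    return True, f"allowed at level {security_level(dst)}"

# Constructed sample workloads.
WEB = Workload("web-1", "web", "production", "financial")
APP = Workload("app-1", "app", "production", "financial")
DB = Workload("db-1", "database", "production", "financial")
DEV_APP = Workload("app-dev", "app", "development", "financial")
LOW_APP = Workload("app-low", "app", "production", "low")

if __name__ == "__main__":
    flows = [(WEB, APP, 8443), (APP, DB, 5432), (WEB, DB, 5432),
             (DEV_APP, DB, 5432), (LOW_APP, DB, 5432)]
    for src, dst, port in flows:
        print(f"{src.name} -> {dst.name}:{port}", decide(src, dst, port))
```

The web-to-database flow is refused even though both workloads sit in production, which is the lateral-movement case the policy is meant to stop.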

vArmour’s patented Application Policy and Control solution greatly simplifies the process of microsegmentation which requires deep application communication and relationship knowledge. Our intuitive tools can be deployed very quickly and provide immediate value. Organizations can gain application-level visibility in their entire compute estate across hybrid clouds and create effective security policies to protect customer data and meet GDPR regulations.

Download the GDPR Compliance with vArmour White Paper for more information.
