sudu loonu | information technology security

GDPR is coming and businesses need to prepare

The General Data Protection Regulation (GDPR) is predicted to be deployed in 2017, tying together the principles of data protection within every nation in the EU. As we well know, GDPR has been devised to deal with the changing ways in which companies function in modern times. This will be done by tackling concerns surrounding the protection of private data on social networking sites, as well as data stored and transferred in the public cloud. But how will these changes affect those of us on the ground? The introduction of penalties of up to 4% of worldwide annual turnover and the obligation to report data leaks are bound to have a big impact on the way companies approach data protection.

In the absence of a crystal ball, here is a view of what companies can do to make sure that they’re protecting the sensitive information they hold about their employees and customers and avoid being hit by new data protection penalties.

Whether your business is based in Europe, or you are a non-EU business with data traded or stored inside Europe, it’s probable that the upcoming European data protection regulations will change how you handle your staff and client data.

Considering international collaboration

The recent growth in globalization has given rise to a borderless corporate philosophy where data can immediately be shared between different countries and devices. Our means of storing and distributing data have dramatically evolved within the last ten years and it’s imperative that the regulations around protecting data are evaluated and altered to reflect this; a business’s firewall cannot defend sensitive data when it’s shared with third parties.

One of the main changes in the GDPR is the expansion of the territorial scope of the law to include not only companies that are established within the EU. The new regulation will also affect those who are based elsewhere but process personal data of individuals residing within the EU. Now, many organizations that were outside the scope of application are going to be directly subject to the requirements.

This development brings the important question of data residency squarely into the limelight. Now more than ever, EU-based businesses and individuals are questioning whether their data is being handled and stored in EU-based data centers. Under GDPR, businesses will need to make sure that the data stored in their data centers never leaves the country-specific legal area without authorization.

The recently repealed Safe Harbour Agreement between Europe and the US shows that even the European Court of Justice (ECJ) believes that data from Europe isn’t always safe when stored overseas. Although customers will likely be able to approve the transmission and processing of their data on both sides of the Atlantic, businesses currently run the risk of violating European privacy laws and allowing business-critical information to fall into the wrong hands if they store data outside the EU.

Dealing with sensitive information – what’s the right approach?

Whether your business has 50 or 5,000 employees, it’s likely that you handle a considerable amount of client and customer-sensitive data, be that contact details, social media activity, or professional and private records. Especially when considering the rise in cloud services, this sensitive information is now likely to be stored outside of the business itself, as well as internally. With GDPR around the corner, it’s imperative that companies evaluate the way they gather, categorize, store, distribute and defend the data they acquire.

Under the new regime, the definition of ‘personal data’ is predicted to broaden, bringing more kinds of information into the regulated perimeter. Businesses will also need to confirm that this far wider scope of relevant data is secured by adopting modern encryption methods and other technical safeguards like rights management, two-factor authentication, operator shielding, and full audit trails. While this might sound like a significant burden to businesses, many data-handling solution providers are already offering data protection by “default”, meaning that products and services are automatically provisioned with the highest level of privacy.

Information is a valuable asset to businesses and one that must be effectively guarded to protect customer information and trade secrets. However, it also must be communicated and shared with third parties. There’s a fine balance between operating effectively with the right access to data, while also protecting the privacy of the data subjects and complying with regulations. Simple and secure technical measures need to be put in place to make sure this balance is possible.

Straightforward, but secure collaboration

In this day and age, a large proportion of companies are required to work with external parties in order to remain current; but they similarly must meet data protection regulations if they’re going to protect client information and their own reputation. By introducing a storage and collaboration technology that is easy to implement and use, businesses will find it far simpler to achieve both requirements of modern business.

When sharing data with third parties, wherever they're located, businesses should consider adopting a collaboration platform that's simple for workers to use and supports them in their everyday work, so it's perceived as a helpful tool instead of a hindrance.

To make it easier for your business to protect customers’ data and comply with GDPR, you should choose a collaboration platform that:

Protects data transmission and storage by cryptographic means

Has strong authentication measures to make sure only authorized users can access data

Allows you to tailor users’ access rights and modify what they can do with a document

Provides a tamperproof audit trail, enabling traceable and transparent insight into how documents are being used and edited

Is accessible securely when employees are traveling abroad or are out of the office

If you haven’t already done so, now’s the best time to start preparing your business for the full implementation of GDPR in 2017. By reviewing the way your company collects, stores, and shares data with these new data protection regulations in mind, you’ll be able to ensure your ongoing compliance and avoid devastating fines and reputation damage in the future.

Application rationalization: Four steps to make it a resolution that lasts

Many of you may have started 2016 with a resolution in place; maybe getting the exercise bike out of the garage and committing to being more active, or cutting out chocolate and cigarettes. These are great things to commit to, but have you ever considered that you should probably be doing the same for your business too? IT and cloud systems can also benefit from being a little leaner, more effective, and fine-tuned, which is why application rationalization should be a consideration.

Application rationalization – or the process of evaluating applications to see which of them are needed and which can be discarded – is something you may well already have had conversations about. After all, who doesn’t want to tap into hidden cost savings or improved business performance? The problem is that such initiatives are often doomed to failure from the start due to poor organization and failure to put a set of processes in place.

To prevent this from happening, here is a four-step plan to follow for application rationalization success:

Think about the details – not just the big picture

As with your resolutions, the best way to achieve success is to understand how you’re going to do it before you start. It’s no good saying you’re going to lose weight, stop smoking and get fit all at once; you need specific targets, timeframes, and plans for how you’ll get there. Similarly, if you want to wean yourself off unnecessary applications, you need to think long and hard about your goals for both the short and long term. Is it cost reduction, or are you looking to consolidate which applications you’re using to simplify processes, for example? The key is to set a goal right at the start; trying to achieve everything at the same time is usually a fast track to achieving nothing. Once you’ve got this fixed in your mind, it’s time to put together a sensible plan and timeline for how you’re going to achieve these goals.

Build up your support network

Once you know what you want to achieve, you need to work out how you’re going to succeed. To do so, you need to put together a team of people from across the business to look at which applications are needed and valued. This will help to work out which of them can be rationalized or updated. Having a cross-departmental team representing different areas of the business – from HR to Finance, Sales, and Marketing to Operations – will enable you to find out how applications are used between and across teams.

Are your applications working together or operating in silos?

With a team of stakeholders in place, you need to look at your applications in detail. How are they working together? If certain applications are only being used by one team, are they needed? Are they supporting one project? Can this be achieved elsewhere? Do you have two applications (or more) doing the same job? Asking these kinds of questions will help to spot duplication, or where teams are using different tools to provide the same function. This will be critical when it comes to selecting what stays, what goes, and what can be merged.

Application rationalization isn’t just a New Year’s resolution

While conducting your application rationalization, keep an eye open for insights to be used in the future. Though you may decide that some applications are more necessary than others, it’s good practice to note where risk might reside, or how teams can work together more effectively by granting access to certain applications across teams. Above and beyond this, it’s a chance to put in place continuous lifecycle management for all applications, so you can revisit which of them you might or might not need in 3 / 6 / 12 / 24 months’ time. It’s important that the business as a whole decides whether it must update, change, or remove applications, rather than just individual teams. For example, you might find that an updated operations application replaces something used by the finance team or vice versa.

Modern business relies upon a range of specific applications to function, but some have overstayed their welcome and are undoubtedly holding back organizations, costing time and money. Application rationalization is vital, but it must be carried out with clear goals in mind to ensure long-term success. Planning will help to remove unnecessary applications, which can help to improve long-term processes. Sharpening IT systems is a great resolution to make, just don’t give it up.

When Enterprise and Social Collide: the future of collaboration

The way that we all collaborate at work is changing, just as the way that we all collaborate with our friends already has, and it’s all about social media.

Like many of my colleagues, I use different social platforms in different ways: for me Facebook is for Friends and Family, Twitter is for Work and Arsenal, and LinkedIn is for Work and Contacts. We all strike a rather different balance, but as a rule most of us are now quite comfortable using social media for public collaboration whether work or personal.

There is another side to collaboration, however, the less public kind – for instance the collaboration that happens behind closed doors at work, which in most organizations is still done via email. Many believe that email has had its day; not only are we all overloaded, slaves to our inboxes, they believe that in the future we’ll all use social tools for collaboration at work instead. To this end companies like IBM, Microsoft, and Jive have for years now been selling and enhancing their tools for workplace social collaboration. These are like Facebook, except for internal use.

If IDC is to be believed, then IBM is the leader in this space. It has named IBM the worldwide market share leader in enterprise social software for the fifth straight year. Gartner’s latest Magic Quadrant on workplace social software also had IBM as a leader, alongside Jive, Microsoft, and Salesforce. The Forrester Wave for social depth platforms had Lithium, Jive, Acquia, and Telligent as its leaders. Meanwhile, IBM, EMC, and Box were the leaders in Forrester’s File Sync and Share Wave.

Enter the real social giant, Facebook…

In January 2015 Facebook launched a pilot version of its Facebook at Work tool. It uses familiar Facebook features like the news feed, groups, messages, and events, but has been designed purely to be used within individual companies. Employees’ information isn’t accessible to the outside world, and is kept separate from their personal Facebook profiles.

The challenge for all such tools is adoption. Employees won’t move away from email until they have an alternative that’s not only easy to use, but also provides immediate and obvious advantages. It’s also a cultural thing. Unless you can change the culture of a firm and get enough staff to use a new tool, it won’t be of any value. After all, in simple terms, it’s no use having a phone if there’s hardly anyone else to call.

The traditional enterprise giants have the advantage of knowing the enterprise computing market, having an installed base, and being able to integrate with their other corporate applications. Facebook, however, has the advantage that its tool is already familiar to almost everyone. It is also easy to use, secure, and available on desktop and mobile devices, alongside its complementary messaging tool, Work Chat.

Case study:

iAdvize is a firm that provides a messaging platform that allows businesses to engage with customers and prospects on their website and on social media from one tool (Chat, Voice, Video). Its employees are all too familiar with social media and external collaboration. iAdvize was pre-selected to be one of the first companies in Europe to take part in the private beta of the ‘Facebook at Work’ solution before its official launch. In July 2015 it started using the solution, and it rapidly became the company’s favorite internal communications tool.

More than 90% of its employees now use the business version of Facebook every day and generate an average of 1,000 interactions daily (posts, likes and comments).

Surveys are used to enable employees to gather their colleagues’ feedback on different topics. The Watch group has become the best place to share articles, research and other resources about news and trends related to iAdvize’s market and real-time customer engagement. As on Facebook, hashtags and tagging people optimize the impact of posts. New staff at iAdvize can find all the information about the integration process and can also view the profiles of their new colleagues to work out who’s who! And Events are used to get people together for an interview, a meeting or a company event. Key statistics are as follows:

Key figures:

More than 90% of employees use ‘Facebook at Work’ every day

75% of employees use the ‘Facebook at Work’ mobile app

An average of 1,000 interactions each day

113 groups have been created since the launch

iAdvize Team is the biggest group with 143 members

The smallest is, unsurprisingly, The Matthieu group with 3 members

On average, 5 events are created monthly on ‘Facebook at Work’: international evenings, conferences, races, Movember events, the Christmas party and many more.

Examples of active groups:

Gong: where employees can share personal and team achievements with the rest of the company – a new client, a successful deployment, a product innovation, the launch of a communication campaign, etc.

1 day, 1 customer: where employees post short customer success stories with a meaningful figure or fact.

The Genie’s tips: where anyone can share good deals – an excellent restaurant, a babysitter, an idea for a present, etc.

Newbies: where newcomers can find all the required information to help them through the first days/weeks/months (integration process, practical questions, etc.).

Product News: where you can find out about all product evolutions and innovations.

The Genie Running team: where runners can organize lunchtime runs and plan group participation in official races.

In another recent blog “Expansion: up, down, left, right, forward or back – which way is best?” we look at the six strategies that companies can use for expansion. The fifth of these, “climbing the product stack”, requires you not only to know your own clients but to know their clients also, which isn’t as easy as it sounds. Google tried to do this when it launched its own social platform, and we all know Google+ wasn’t the success that had been hoped for.

If Facebook gets things right with Facebook at Work, as it appears to be doing, then the corporate technology players in the market will need to look out.

Time to quash the cloud myths

Gartner had it right when it said ‘cloud computing, by its very nature, is susceptible to the risks of myths’. Even in 2016, a quick Google search highlights that enterprises are still unsure about the perceived risks that come hand in hand with cloud computing.

Just a few of the top searches reveal a worrying lack of knowledge surrounding the concept, with many still in the dark about ‘what is cloud computing’, ‘what is meant by cloud services’ and the ‘risks of using cloud computing’.

It’s time to get rid of the fluffy stuff and dispel some of the myths when it comes to cloud. We’ve put together three of our favorites here.

1. ‘‘I won’t know where my data are being stored or if I’m being compliant’’

It’s great that people are beginning to think about this – especially with changes to UK data protection rules coming in early this year as part of legislation being standardized across the EU. With data breaches potentially costing businesses as much as 4% of their annual turnover, it’s a great time to be questioning the ins and outs of your data security.

With data transfers within the EU and shortly between the UK and US under ‘Safe Harbour’ to become more tightly controlled, it’s important to make sure that you’re asking the right questions. If your cloud provider is worth its salt, it’ll make sure you know exactly where your data is located and whether you’re staying within the law, wherever you’re operating.

2. ‘‘Sharing hardware and datacentre facilities with other customers is a risk to my data’’

This isn’t true if you choose the right partner. Using a platform like Amazon’s AWS, for instance, means you can benefit from the company’s global expertise and rest assured that its technology is subject to the most rigorous tests and audits. The sheer size of the platform means Amazon can make significant investments in all elements of security.

What that means for businesses is that it’s often safer than on-premise hardware and can provide better datacentre security isolation than having a dedicated infrastructure. And, for the ultra-security conscious amongst us, you can also look to dedicated hardware with full isolation.

It’s not that sharing hardware and datacentre facilities isn’t a risk – but with platforms like AWS, it doesn’t need to be. Take the public cloud, for instance – users can access the data stored on their platforms. Numerous policies exist to make sure that this is strictly forbidden. Add in a number of ‘at-rest’ encryption offers for data, and you’ve got a platform that’s about as secure as it can be.

3. ‘‘Being in control of my own infrastructure will always make it more secure’’

Adam Selipsky, VP at AWS, once said: “People think if they can control it they have more say in how things go. It’s like being in a car versus an airplane – you’re much safer in a plane.” The exact same perception exists in managing cloud storage infrastructure.

Being fully in control doesn’t necessarily mean you’re safer from IT disasters

This opinion is usually held by CIOs in enterprise organizations, whose responsibility for applications and software naturally prompts them to think that keeping in-house control over their cloud computing will put them in a better position to secure their data.

But actually, relinquishing the management of that data and allowing a partner to store it for you means you’ll be embracing their huge level of experience and ability to meet tough compliance requirements, and guaranteeing a higher level of availability and automation of services. And that’s all while retaining control of your data.

Upcoming changes in legislation, paired with a growing awareness of how cloud computing can tackle security concerns, will help to redefine perceptions and debunk the cloud myths that are holding businesses back from embracing it.