Thank you to Cyphre for contributing this guest post to our blog as we focus on GDPR compliance!
Now that European Union’s General Data Protection Regulation (GDPR) is set to become law, companies must establish policies and technology controls to securely store and transfer personal data of any person residing in the EU. Data that can be used to identify a person, such as physical address, IP address, and more, as well as genetic data, information about religious and political views, sexual orientation, and more must be encrypted or made anonymous. Individuals have the right to erase their personal data by withdrawing consent or when it is no longer being used for its original purpose.
Elizabeth Denham, the UK’s information commissioner, says the GDPR “is a step change for data protection,” calling it “an evolution, not a revolution.”
Prospering in the post-GDPR age requires more than simply complying with the new rules. Corporate legal departments must understand whether, and how their enterprise collects, stores, and processes personal data. Obviously, data breaches have impacts beyond the fines that may result. Customer trust, business reputation, and the company’s stock value are also on the line. As Ed Tucker says at ComputerWeekly.com, “A true approach to data protection should be embedded into your business, strategies, transformation and commercial arrangements. This will lead to a far more mature stance, and with that comes compliance.”
Data encryption is a helpful tool, but not all techniques are created equal. Software encryption can leave keys vulnerable on servers. Also, if a hacker cracks a system that can legitimately access and decrypt data, that can create an attack vector.
The best path to GDPR compliance is wrapped in a general best-practices approach to data protection. Hardware-based encryption is crucial to achieving sustainable impregnability against attacks on data at rest or in transit. Using hardware-encrypted keys can ensure that if security keys on a host server are hijacked they are rendered useless, thus nullifying the threat. Chip-resident encryption keys are completely isolated from hacker exposure. Furthermore, integrating advanced encryption technology and Key Orchestration can provide the security controls needed to maintain data integrity while maximizing security at the most controllable, granular level.
Fornetix and Cyphre have teamed up to deliver technology-driven enforcement of the business policies and controls required by GDPR in enterprise cloud environments and IoT settings.
Cyphre’s technology prevents security gaps between the system layers, while the hardware offers strong cryptographic protections over software-only approaches. Fornetix Key Orchestration lets companies organize all their systems in a policy-based hierarchy, ensuring that only encryption keys that comply with the latest standard and are compatible are used.
Given the very significant consequences of any breach where personal data compromised, adopting a maximum technology security stance should be the top priority for all companies that store (controllers) or manipulate (processors) personal information of anyone living in the EU.
Cyphre, a wholly owned subsidiary of RigNet, Inc. (NASDAQ:RNET), is a cybersecurity company deploying disruptive data protection innovations by enhancing industry standard encryption protocols with our patent pending BlackTIE technology. Product offerings include Encrypted Cloud Storage and Enterprise Collaboration services, Secure Integration with IoT devices and applications, and the Enterprise Cloud Encryption Gateway. For more information, visit www.cyphre.com and follow us on Twitter: @getcyphre.
Are you ready to learn how you can ensure that your company is compliant not just now but for the future? Request a custom Demo and see how Key Orchestration can help.