Over the past few months, we’ve seen organisations rush to figure out their positioning when it comes to compliance. Now, the day is finally here, so how can organisations ensure they meet the requirements of GDPR?
The problem is nobody knows what sensitive information has been pulled out of various applications and databases over the years. As a result there are a lot of unknowns about the impact of trying to control and manage data stored in files and folders. Consequently, there will now be a sudden urgency to address privacy issues around information that is currently outside of IT's purview, because it is stored in files and folders. To combat this, the first order of business has to be discovery and visibility, before putting the appropriate access controls in place.
See also:
To achieve the full visibility needed to comply with GDPR, organisations should focus on a few key identity governance priorities: locating personally identifiable information, understanding who has access to it and implementing and maintaining proper access controls for that data. Adhering to the following five-step method will not help organisations identify unstructured insights, but will also put them in a position of power to protect GDPR-regulated data stored in both structured or unstructured systems, ensuring they meet the requirements of GDPR.
- Know where your ‘data landmines’ are buried. The problem is that nobody knows what sensitive information has been pulled out of various applications and databases over the years, so there are a lot of unknowns about the impact of trying to control and manage data stored in files and folders. To combat this, the first order of business has to be discovery and visibility, before putting the appropriate access controls in place.
- Identify your weakest links: user identities waiting to be compromised. To achieve the full visibility needed to comply with GDPR, organisations should focus on a few key identity governance priorities: locating personally identifiable information, understanding who has access to it and implementing and maintaining proper access controls for that data. The best place to start is by conducting a thorough risk analysis and mapping of data and owners across the entire enterprise.
- Strengthen access controls to critical applications and databases. Once data and owners are mapped, organisations need to strengthen the controls that determine who has access to specific data - then organisations can take steps to secure it according to best practices. After all of these efforts, organisations must implement ongoing activity monitoring to improve risk migration and understand appropriate use.
- Sharpen your security strategy: think like a hacker. One certain way to meet these stringent GDPR requirements is by placing identity at the centre of security strategies. With the power of identity, businesses will have full visibility into who has access to what data, and insight into how that access is being leveraged, giving them the means to not only meet GDPR compliance and other regulatory requirements, but also to realise an overall improved security posture.
- Sit back and enjoy GDPR compliance! View GDPR as an opportunity to improve your security posture, provide better service to customers and strengthen your relationships with your business partners.”
Mark McClain, CEO, SailPoint
12 min read
