Interviews

Jakub Karvánek: GDPR scare is not necessary, companies can benefit from it

Published: 13. 11. 2018


“Many companies are frightened by GDPR; however, the measures against the misuse of sensitive data may be appreciated not only by those who provide information (clients or employees) but also by the companies themselves. Today, there are a number of tools on the market that, in addition to meeting the GDPR requirements, can solve many daily security and IT troubles,” Jakub Karvánek from FreeDivision explains.

The General Regulation on Personal Data Protection (abbreviated to the GDPR) will apply on May 25, 2018. The new EU Directive is primarily intended to prevent the misuse and leakage of sensitive data. The obligation to comply with the Directive applies to anyone who collects or processes personal data of customers, clients or employees in any way. That includes companies, corporations, and tradesmen.

"In the case of the implementation of the GDPR Directive, smaller entities are likely to have a simpler solution. Larger companies with tens or more employees will have to choose a more sophisticated approach," says Jakub Karvánek from FreeDivision, a company that provides IT systems security.

What do you think is the biggest problem with this Directive?

I would say that it is the hysteria that has been created by the media. There are many voices against it, but unfortunately you never hear that this is a forward move. The introduction of the Directive significantly reduces the risk of misuse of personal data, which is now relatively common. There is an increase in the level of rights for citizens, who will have the right to ask the company concerned about the information that is being kept about them and about its possible correction or deletion. So the first step is mainly about putting your documents in order, calming down and making changes gradually. Then you need to realize that nowadays there are tools available that can do plenty of the work themselves, but I would be cautious when choosing general-purpose methods.

What needs to be done now?

As I see it, especially with larger companies and corporations, the primary analysis of the state of their data handling, the so-called GAP analysis, will definitely have to be carried out in order to find out who handles the data. The analysis also separates files with sensitive content from the rest. This will allow setting up proper data processing processes and, of course, protection. There will certainly be new internal directives and additions to existing contracts. We recommend transferring responsibility for the data from the company to users, because only they know the content and sensitivity of their data. Upon completing all the steps, you will need to revise your data repositories, access rights, and the physical security of storing and archiving the data. However, as I mentioned above, there are very effective tools that will ensure that everything is in accordance with the regulations.

How does it work?

The specific Varonis system modules are implemented onto operational servers that are configured to collect the necessary metadata. The system has predefined rules that allow you to search for sensitive data within the current EU legislation. This is followed by ongoing metadata evaluation of files and user data, while users work in the manner they are used to. There are no user restrictions after the installation. Everything takes place according to the time schedule, and before the expiration of the demo license, which is limited to 30 days, the system generates the necessary data, which is then added into graphs and tables that clearly and comprehensively describe the identified risks. If the client decides to continue to use Varonis tools, he can update the purchased license and then continue to use the full range of functions.

How does this solution differ from others?

The Varonis software solution offers automatic processing control. It is a technical and safety tool that cannot be functionally limited to only meet GDPR requirements. In addition to doing so, it efficiently meets ISO 27000 in the area of information protection, such as setting security goals and requirements, ensuring efficient security management, compliance with the regulations and rules, ensuring specific security requirements for specific organizations, integrating new information security management processes, compliance with the rules, regulations and standards adopted by the organization, provision of relevant information on the security rules, regulations, standards and practices to customers and business partners as well as to cooperating organizations.

A robust solution helps meet the increased demands on cyber security in companies and corporations. One of the most important and key factors is the deployment of this system in a matter of days, even in the case of a large company with hundreds of users.

How does Varonis minimize staff costs?

Varonis will allow security people to quickly find folders and files containing sensitive personal data that are often scattered within enterprise file systems. For medium-sized companies, the number of potentially sensitive components and files is typically in the range of hundreds of thousands, and it is not humanly possible to manually identify these data repeatedly several times a year. Discovering sensitive data and their location is a great way to start a risk-reduction process. The Background Variable Engine from Varonis scans the file contents and is able to recognize the patterns of personal data identifiers (birth numbers, account numbers, e-mails, IP addresses, credit card numbers, and so on), and it also evaluates files based on the number of matches found. Varonis not only identifies sensitive data, but also provides other key information that helps minimize security risks, such as who has access, what the levels of access are, whether the data can be accessed by company employees and for what purposes they can be used, whether they are subject to another security mode, and more. Due to its complex view of data in the company, Varonis is a suitable technical measure that can be used to implement the organizational measures correctly and therefore meet the basic GDPR requirements.


About company

FreeDivision s.r.o. was established in 2005 and focuses on sales and service of security and encryption tools.
The product portfolio focuses primarily on hardware and software data security. On both the Czech and Slovak markets, we represent several worldwide manufacturers of security technologies. These specialized security tools help meet legal requirements and privacy standards such as GDPR, ISO 27 000, and more.

We currently represent these respected manufacturers: Varonis, Carbon Black, Crypto AG, Deep Secure, EgoSecure.

Our company is represented by a well-trained and professional team of people who provide clients with an individual approach, comprehensive service, consultation and support.
We are delighted to be able to include these companies among our satisfied business partners: Agentura pro podporu podnikání a investic CzechInvest, Česká agentura na podporu obchodu/CzechTrade, Česká obchodní inspekce, Institut plánování a rozvoje hl. m. Prahy, Komerční pojišťovna, a.s., AutoCont CZ a.s., Konica Minolta Business Solutions Czech, spol. s r.o., Ministerstvo průmyslu a obchodu, Statutární město Ostrava, Vojenské lesy a statky ČR, s.p.

For more information please visit www.varonis.com
