Solution Briefs

securing-physical-computing-infrastructure-for-gdpr-compliance-datasheet (1)

Issue link: https://resources.nlyte.com/i/1057142

Contents of this Issue

Navigation

Page 0 of 2

Securing Physical Computing Infrastructure for GDPR Compliance SOLUTION BRIEF SECURING PHYSICAL COMPUTING INFRASTRUCTURE FOR GDPR COMPLIANCE 0 1 Securing Physical Computing Infrastructure for GDPR Compliance The General Data Protection Regulation's (GDPR) primary intent and goal is to establish processes for the protection of personal data. The law provides explicit definitions defining personal data, how it can be used, and how it should be protected and managed. All (electronic) customer data resides on storage, is processed on servers, and accessed across a network. If you do not know where your customer's data is, or how it is physically being accessed, you are in violation of the GDPR regulation. Nlyte provides you the ability to track within the physical IT infrastructure where the data resides, how it is transported from storage, server, to end user, and who has interacted with that infrastructure. For some time, the focus of GDPR for most commercial businesses has been on housekeeping around the data itself: what data is stored in the database, who has access to it, what are the archival and removal processes in place. The IT infrastructure teams have, until recently, ignored their role in GDPR compliance. We are learning that the physical security of the data processing infrastructure is as critical as the digital management. The concern of physical infrastructure extends beyond an organization's data center, and includes colocation facilities, managed service providers, hosting services, SaaS vendors, and virtually any X-aaS vendor. GDPR holds you accountable for proper compliance regarding the personal data at your disposal regardless of where it resides. Not having a contract regarding data protection in place is an indication you don't know what your vendors are doing with your data. That presents itself as a more significant management issue about what infrastructure you're using and how you're treating the data. Vendor management under GDPR requires you to know how your vendors operate including their security framework and how they manage data. Without that knowledge, you don't know the risk they present. Nlyte provides discovery, asset management, and asset integrity monitoring. This combination of functionality is key in helping any organization track data at rest and the infrastructure used for that data. Nlyte provides a consistent mechanism for the tracking of assets within an organization which includes: the physical locations of the assets; usage of the assets; end-to-end lifecycle management of the assets, both physical and logical; manual and logical auditing of assets; connection into an organization's ecosystem/ITSM systems for the logical mapping of a "data subject's" (personal/ customer) data. The GDPR Fundamentals that Nlyte Tracks • Where is the critical data located, geographic location, devices servers/storage/network • Where is the data replicated, geographic location, devices servers/storage/network • What and if security tools are deployed on identified devices and enabled • Data breach notifications i.e. what "data subjects" data ran on what assets • Identification of secondary locations infrastructure for the safe handling of data transporting across borders

Articles in this issue

view archives of Solution Briefs - securing-physical-computing-infrastructure-for-gdpr-compliance-datasheet (1)