On 25 May, 2018, the new General Data Protection Regulation (GDPR) goes into effect in the European Union (EU), with sharper teeth than any other compliance regulation to date. With tighter controls and higher penalties, the new law enforces data sovereignty like never before, forever impacting the way EU and multinational organizations handle private data. It’s likely GDPR will set a new standard that other regulatory bodies will be inspired and compelled to follow.
The impact of GDPR is broader than one may think. It applies to any organization that does business in the EU. Companies must ensure data sovereignty and provide the exact location of a client’s data at any point in time. It requires that corporations keep said data within specific geographic limits. The penalty for not complying with the GDPR regulations is a fine of a staggering 4 percent of overall, worldwide corporate revenue.
This restriction will have many companies considering their approach to data sovereignty and how to store sensitive customer data in the region. This may include seeking cloud-based solutions for remote coverage, as their data centers may not be in region or require upgrades to meet GDPR requirements.
Barriers to cloud adoption
The rapidly approaching compliance changes bring potential concerns for organizations looking to use the agility, scalability and efficiency of the cloud. As it stands, many cloud providers aren’t prepared for GDPR compliance and may not have the infrastructure needed to meet the new requirements. According to the June 2016 Netskope Cloud Report on readiness in the cloud, up to 75 percent of all apps used in enterprises are out of compliance with these impending rules.
When moving to a cloud environment, security and compliance of sensitive data is ultimately the organization’s responsibility. So how can organizations make use of all of the great benefits that come from cloud infrastructure without putting their sensitive data at risk and their auditors on high alert? They must implement security protocols such as policy tagging, privileged access controls, automated compliance templates, forensic logging, data geo-fencing, encryption and key management. Beyond just “checking the box,” security solutions should be easy to deploy, flexible and scalable.
Simplifying the path to cloud adoption
The challenges can seem insurmountable, but they don’t have to be.
IBM is proud to announce IBM Cloud Secure Virtualization, which is specifically focused on addressing the concerns of security and compliance for enterprises. Created on single-tenant IBM Bluemix bare-metal servers on IBM Cloud, it is the first cloud offering to leverage HyTrust and Intel TXT security technologies to solve for compliance by tagging and enforcing set policies, offering forensic logging and low-latency encryption (with Intel AES-NI) and key management. Enabled by Intel TXT, it uses geo-fencing at the microchip level to ensure integrity for the workload and contain its geographic boundaries. This ensures a client’s data is where it’s required and can’t be accessed by those without appropriate credentials.
IBM Cloud Secure Virtualization eases the path to cloud adoption with automation that ranges from deployment to ongoing management, supporting security policies and meeting compliance requirements – all with continuous visibility and control of the cloud environment.
IBM, HyTrust and Intel have teamed up to develop and launch this unique offering to deliver security and compliance in the cloud, addressing concerns and facilitating organizations’ adoption of the cloud and its inherent benefits. IBM Cloud Secure Virtualization will be offered in two different options, both focused on creating a secure, trusted environment for running production workloads, protecting client data and reducing audit risk.
It offers the agility and benefits of cloud while spanning many important verticals. Organizations can protect various types of PII data across healthcare, financial and retail segments. With the reporting capability offered by the HyTrust DataControl and CloudControl features, organizations have visibility and documentation of their environment status, thus reducing overall risk.
IBM Cloud has built a strong partnership with Intel and HyTrust to bring a comprehensive solution that not only reduces the barriers to cloud adoption, but does so with additional capabilities that help organizations meet GDPR requirements, as well as HIPAA, PCI and more.
Hybrid cloud environments give companies the best of both worlds. They offer the elasticity and operational expenditure of public clouds with the data sovereignty, security and control found in a private cloud environment. By combining the two, companies can allocate workloads to the environment that makes the most sense for them. As organizations build these […]
These days, it seems like hardly any time passes between headlines about the most recent data breach. Consider the revelation in late September that a security intrusion exposed the accounts of more than 50 million Facebook users. For that matter, not much time goes by without a new survey or study that confirms the difficulty of […]
Since the dawn of the internet, companies have been fighting to stay ahead of cybercriminals. Artificial intelligence (AI) and machine learning have made this job easier by automating complex processes for detecting attacks and reacting to breaches. However, cybercriminals are also using this technology for their own malicious purposes. More and more hackers are exploiting […]