New regulations call for new solutions.
On 25 May, 2018, the new General Data Protection Regulation (GDPR) goes into effect in the European Union (EU), with sharper teeth than any other compliance regulation to date. With tighter controls and higher penalties, the new law enforces data sovereignty like never before, forever impacting the way EU and multinational organizations handle private data. It’s likely GDPR will set a new standard that other regulatory bodies will be inspired and compelled to follow.
The impact of GDPR is broader than one may think. It applies to any organization that does business in the EU. Companies must ensure data sovereignty and provide the exact location of a client’s data at any point in time. It requires that corporations keep said data within specific geographic limits. The penalty for not complying with the GDPR regulations is a fine of a staggering 4 percent of overall, worldwide corporate revenue.
This restriction will have many companies considering their approach to data sovereignty and how to store sensitive customer data in the region. This may include seeking cloud-based solutions for remote coverage, as their data centers may not be in region or require upgrades to meet GDPR requirements.
Barriers to cloud adoption
The rapidly approaching compliance changes bring potential concerns for organizations looking to use the agility, scalability and efficiency of the cloud. As it stands, many cloud providers aren’t prepared for GDPR compliance and may not have the infrastructure needed to meet the new requirements. According to the June 2016 Netskope Cloud Report on readiness in the cloud, up to 75 percent of all apps used in enterprises are out of compliance with these impending rules.
When moving to a cloud environment, security and compliance of sensitive data is ultimately the organization’s responsibility. So how can organizations make use of all of the great benefits that come from cloud infrastructure without putting their sensitive data at risk and their auditors on high alert? They must implement security protocols such as policy tagging, privileged access controls, automated compliance templates, forensic logging, data geo-fencing, encryption and key management. Beyond just “checking the box,” security solutions should be easy to deploy, flexible and scalable.
Simplifying the path to cloud adoption
The challenges can seem insurmountable, but they don’t have to be.
IBM is proud to announce IBM Cloud Secure Virtualization, which is specifically focused on addressing the concerns of security and compliance for enterprises. Created on single-tenant IBM Bluemix bare-metal servers on IBM Cloud, it is the first cloud offering to leverage HyTrust and Intel TXT security technologies to solve for compliance by tagging and enforcing set policies, offering forensic logging and low-latency encryption (with Intel AES-NI) and key management. Enabled by Intel TXT, it uses geo-fencing at the microchip level to ensure integrity for the workload and contain its geographic boundaries. This ensures a client’s data is where it’s required and can’t be accessed by those without appropriate credentials.
IBM Cloud Secure Virtualization eases the path to cloud adoption with automation that ranges from deployment to ongoing management, supporting security policies and meeting compliance requirements – all with continuous visibility and control of the cloud environment.
IBM, HyTrust and Intel have teamed up to develop and launch this unique offering to deliver security and compliance in the cloud, addressing concerns and facilitating organizations’ adoption of the cloud and its inherent benefits. IBM Cloud Secure Virtualization will be offered in two different options, both focused on creating a secure, trusted environment for running production workloads, protecting client data and reducing audit risk.
It offers the agility and benefits of cloud while spanning many important verticals. Organizations can protect various types of PII data across healthcare, financial and retail segments. With the reporting capability offered by the HyTrust DataControl and CloudControl features, organizations have visibility and documentation of their environment status, thus reducing overall risk.
IBM Cloud has built a strong partnership with Intel and HyTrust to bring a comprehensive solution that not only reduces the barriers to cloud adoption, but does so with additional capabilities that help organizations meet GDPR requirements, as well as HIPAA, PCI and more.
Share this post: