Let’s face it. When it comes to data compliance, we’ve been doing things the same way for an awfully long time.
It’s claimed that Henry Ford said: “If I asked customers what they wanted, they would have said ‘a faster horse’.” There is a pressing need to think differently, and to challenge the traditional methods in IT – particularly in the year GDPR comes into force.
A long time ago you could be accused of being a heretic for suggesting the world wasn’t flat – and the same could be said nowadays if I said data compliance could be made easy.
Data compliance and encryption have always been packaged up the same way, so why change?
Well, the answer is simple: faced with a landscape that is growing in complexity and becoming ever more difficult to understand, people are looking for a way to do things differently, to do them better. This is a topic I recently explored at the first Hybrid IT Europe meet-up event in London.
In its simplest form, for the customer the premise of the cloud means you can hit a button and have something delivered straight away. That could be a pizza, a taxi, or in the IT world, your latest virtual machine from a cloud platform of choice.
Cloud has totally reset these levels of expectation in how quickly and affordably technology can be purchased and deployed. Data protection needs to follow the same format.
Assessing the compliance complexity conundrum
The challenge for organisations today is framed against the backdrop of the GDPR legislative hurdle, coming into effect on May 25th 2018.
You can see why people may be losing sleep at night. The enterprise of today has multiple borders, multiple silos and high management overheads, and individual SaaS providers are fast becoming cryptography custodians.
As they try to redefine security, they’re faced with a loss of portability and control, an environment that’s prohibitive of investment, not to mention difficulties around defining a unified security policy…
Another headache in a Hybrid IT world is considering how to traverse the path to compliance and retain confidentiality of data when moving from on-premises to cloud. From our conversations in the market, enterprises tell us they want to retain control – and that they need to be able to define their own data policies.
The questions likely to be on their minds include: how to retain control of keys? How to ensure only one person has access?
If the organisation were to leave one public cloud provider, how can it be sure the provider deletes all the data? How can the data be secured in the way the organisation wants it? And how are those keys then secured?
And this complexity is only going to increase – it’s growing exponentially as our world becomes more interconnected. The Internet of Things (IoT), blockchain and the use of microservices will drive the use of keys and identities in different ways. It’s also worth considering that doing all of this on-premises just won’t be possible – owing to the complexity and the associated costs.
All these factors combined, it’s fair to say compliance is really tough!
A marketplace for compliance – the answer
In an enterprise, tech applications can be brought into the fold through a ‘point and click’ marketplace model, very much mirroring what people experience in their life as consumers, as I described earlier.
The same thing is now happening for data protection.
People need access to applications so that they can do their job, while ensuring compliance, and it needs to be as simple as point, click, and deploy. On top of this, they don’t want to have to understand everything in the background – just that it will work as it should and make sure they are compliant. The technology itself then needs to set everything up for them and deploy the solution. It really has to be made that simple.
We see a great shift in the industry where companies are working with managed security providers – and now is the right time to deliver products to make that happen.
As we prepare for the future world where everything is part of a distributed infrastructure, data compliance has to be simple to deploy and manage.
In summary, here are five things I believe people should think about when it comes to data compliance within hybrid IT:
1) No-one wakes up in the morning wanting encryption – new compliance regulations and the increasing number of breaches are driving the need, NOT a need for more technology
2) Traditional security approaches no longer map to the market needs – instant and on demand service (not product) as well as ‘pay per use’ is the new norm
3) Need to trust someone – staggering shift to higher order services is putting trust in service providers and 3rd party software-based applications
4) A refreshed approach to security that provides CIAAA (Confidentiality, Integrity, Availability, Auditability, Accountability) for a new set of data and application owners – users want a “click to encrypt” model
5) A new way of doing data protection is here – encryption is becoming a natural part of the distributed network that will serve as the IT landscape of the future. Its three characteristics: efficient, easy to use, and transparent.
Want data protection on demand? Get in touch for more information on Gemalto.