There is nothing like a looming deadline to get people motivated. For the General Data Protection Regulation (GDPR), May 25th 2018 is that deadline, and it’s less than four months away.
A sweeping new data privacy regulation, GDPR will soon come into effect across the European Union (EU). In practice, however, it affects any company or organization conducting business or operations in the EU (whether through a physical presence there or by offering goods and services to EU residents) that collects and processes EU residents’ data. Its goal is to better protect and empower EU residents’ data privacy, and it represents the most significant change in data privacy laws in over 20 years. For businesses too, it will be a watershed moment in how they process, handle and manage data, with heavy fines on the table for non-compliance.
In truth, regulations such as GDPR are long overdue. With cybersecurity attacks at an all-time high and reports of major data breaches arising with increasing frequency (one need look no further than the high-profile privacy breaches at Equifax, Yahoo, Uber, Ashley Madison, etc.), more needs to be done to protect personal data.
So where are companies to start when thinking about GDPR compliance? As suggested by the millions of results from a simple ‘GDPR’ Google search, there is no quick answer. It’s important to remember that every company is different and each should take the time to understand the new regulation, determine how it impacts them, and assess their readiness to comply. There are many variables to consider, including the products and services offered, types of personal data collected, processing activities undertaken, and IT infrastructure used, all of which can influence the compliance roles and responsibilities under the GDPR.
One important area to focus on should be the network (both public and private). Most companies have a complex network (perhaps multiple networks) made up of myriad wired and wireless networking equipment (switches, access points, access control solutions, servers, etc.), which process and sometimes store personal data. Customers often ask: ‘isn’t it the responsibility of the networking vendor to ensure their equipment has privacy by design?’ To answer this question, let me use a simple analogy. When someone purchases a house, by default it comes with locks on doors and windows, perhaps even a home security system. The homeowner is responsible for when to turn on the security system and open doors and windows. The network is no different. Yes, data privacy capabilities are built by design into networking products, but how the network’s owner/controller configures it directly influences the level of security and, ultimately, compliance.
How Extreme Networks can help
Can you tell if your network configuration is putting you at risk of GDPR non-compliance? This is where Extreme can help. Extreme Management Center v8.1 helps organizations assess their network security, and therefore GDPR compliance, through a series of tests and audits that focus on evaluating the configuration of Extreme devices. Extreme’s Information Governance Engine (IGE) inspects whether a device has been configured in the appropriate way, identifies potential areas of ‘softness’, and offers possible remedies—for example, changing default user IDs and passwords or shutting down ports.
Does this guarantee that a network is secure? Of course not – no vendor can do that. However, Extreme’s Information Governance Engine provides the visibility and real-time information organizations need to operate their networks securely, a key step on the road to GDPR compliance. And with IGE v8.1, the GDPR compliance readiness audit extends to networking products recently acquired through the Avaya Networking acquisition, such as the Ethernet Routing Series (ERS) and Virtual Services Platform (VSP) switch portfolios. The more Extreme products you have in your network, the more value we can bring.
Don’t stop at just GDPR compliance
While the impending GDPR deadline is great for drawing attention to data security and privacy, it is important to not lose sight of the many other aspects of security and compliance beyond GDPR. As companies evaluate their business practices in the lead-up to the May deadline, it is a great time to ask ‘what more can I do to enhance security and compliance?’
Here at Extreme, we are continually working on innovative solutions that bolster network security and ease our customers’ compliance burden. Learn more about how we can help protect your enterprise by implementing multilevel security capabilities that simplify access control, enable new levels of network segmentation and isolation, and allow you to detect and respond to threats promptly.
Extreme’s industry-leading solutions, such as Information Governance Engine, ExtremeControl, Extreme Fabric Connect, ExtremeSurge, and Extreme Air Defense, break new ground by enabling enterprises to mitigate the tradeoffs between security, cost and agility.