The Challenge

NEW CHALLENGES WITH PROTECTING PERSONAL DATA

The introduction of the EU General Data Protection Regulation (GDPR) from 25th May 2018 represents arguably the most important regulatory change in the Data Protection and Privacy landscape. The challenges faced by organisations in becoming GDPR compliant are exacerbated by the fast-evolving data privacy threat landscape; the increased frequency of data breaches; and Data Subjects' increased wisdom on how they can use their new and enhanced rights against unprepared organisations.

For the first time, Data Protection has been given sharp teeth to ensure Organisations take it seriously, with fines ranging up to €20m or 4% of annual turnover for non-compliance. Organisations may also be forced to pay out compensation to individual Data Subjects, or to groups of Data Subjects who come together to seek collective redress through class actions, in amounts which exceed a fine from a Supervisory Authority. Further, the cost of the reputational damage suffered will often be the toughest challenge for an organisation to endure.

The challenges faced in becoming GDPR compliant are diverse and require a combination of the right technical solutions coupled with privacy expertise from a range of different backgrounds including Legal, Compliance, Information Governance and Cybersecurity. Kontex have an unrivalled team of professionals who are experienced in some of the largest Information Security and Data Loss Protection (DLP) deployments across Europe. This is supported by a dynamic mix of experienced Data Protection Officers (DPOs) who can guide your organisation through the compliance journey from start to finish to establish a robust and defensible data protection program.

Prepare

Control Compliance Suite (CCS) Delivers Continuous Assessments and Risk-Prioritised Security Operations

Kontex can help your organisation prepare and get a better handle on your personal data and the associated risk. We offer a complete assessment of your organisation's Data Protection and GDPR compliance position. This includes understanding how your organisation handles and protects personal data through the complete data lifecycle journey: Collection -> Storage -> Usage -> Transfer -> Disposal.

One of the biggest problems organisations face is:

“How do we protect what we do not understand?”

The growth in data is at an all-time high and shows no signs of abating, compounding this lack of understanding. Inadequate visibility of data locations and flows is a major concern and, according to the analysts at the Ponemon Institute, 36% of business-critical applications are already in the cloud and IT departments are unaware of half of them.

Our solution in preparing for GDPR compliance includes experienced professionals assisting your organisation in interrogating and gaining an insight into your processing operations and discovering all of the personal data that may be stored in your organisation’s data repositories. This is the cornerstone of composing detailed records of processing activities as required by Article 30 of the GDPR.

As your organisation progresses in understanding the “what” and “where” of your data and associated risks, we offer a range of solutions that can automate the process of quantifying the risk.

Symantec Control Compliance Suite (CCS) delivers core assessment technologies that will provide your organisation with a picture of the key areas of risk that need to be addressed.

Symantec Endpoint Manager provides a strong consolidated view of data that users collect, store and share, which can identify the individuals and human element that might be the greatest data privacy risks.

Symantec CloudSOC enables your organisation to gain visibility of data being shared with the cloud and deliver assessments and ongoing audit capabilities to assess the potential risks.

Symantec Data Loss Prevention (DLP) is a powerful tool across all privacy and security areas and is recognised as the industry’s best for identifying sensitive data in structured and unstructured environments with content-aware technologies, providing all of this information in a centralised console. It is effective whether personal data is at rest, in motion or in use.

Protect

Protection of sensitive personal data and critical company data across all of your organisation's environment, including data at rest and data in transit, is vital. Among the best ways to prevent data from being misused or stolen is to render it illegible or inaccessible. Kontex can empower your organisation to protect all of your critical data and assets through a range of targeted practices and expert advice on encryption, anonymisation, data minimisation, and privacy by design and default practices.

Powerful information security technologies also play a key role. Symantec Data Loss Prevention solutions can execute policies to prevent data from being stolen by identifying when it is being shared or used in a non-compliant manner. Automating this process with DLP is one of the most critical areas where technology can help with data protection.

IDC estimates that by the end of 2016, 50% of customer data will be in the public cloud, compared to less than 5% in 2013, meaning DLP strategies have to support emerging technologies such as cloud and mobile. This includes consistently enforcing data loss policies across your entire environment and educating employees about safe data practices.

Authentication services like VIP can greatly improve an organisation’s ability to ensure that only the right people can access the resources where personal data is stored, and make identity/credential theft much more difficult.

Endpoint Encryption makes it possible to obfuscate all data being stored on a system, so that physical theft of a device doesn’t lead to the loss of data.

Cloud Data Protection protects personal data being shared in cloud applications by using field-level tokenisation and encryption to obscure that data.

Protection doesn’t just stop at helping your organisation prevent data from being stolen or misused: equally important is the ability to prevent threats like malware and other forms of attack from penetrating or infecting information resources. Kontex advises on industry-leading Threat Protection technologies that deliver state-of-the-art security across a number of vectors and systems:

Symantec Endpoint Protection and Data Center Security offer an array of sophisticated capabilities to stop threats from compromising critical endpoints, which could lead to broader breaches.

Symantec Email Security, Secure Web Gateway, and CloudSOC offer market-leading protection against the two predominant threat vectors on premise and in the cloud.

Symantec Advanced Threat Protection uses sophisticated technologies to stop particularly advanced attacks across vectors and systems.

Detect

Organisations face a big challenge when it comes to detecting a data breach. It is important to be able to detect quickly that a data breach has happened and to understand its impact. It is as much about having the right technology in place as it is about having the right human expertise. Kontex have a dynamic mix of both and offer a range of services to assist, from training and awareness for employees to recognise potential incidents, to audits, environment monitoring, policies and procedures, and Privacy Impact Assessments (PIAs). We have experienced professionals who are able to help your organisation with ongoing monitoring and cyber expertise to detect breaches and identify what happened before, during and after the incident.

When it comes to identifying the signs of a data breach, the correct technology is essential in finding the obvious and not-so-obvious indicators of compromise that lie behind advanced persistent threats, and linking them together to show that a broader data breach has occurred, how it occurred, as well as what data and resources were compromised.

Symantec ATP and Unified Analytics offer fast detection of Advanced Persistent Threats, leveraging correlation of inbound traffic events over multiple control points such as endpoints, networks and email.

SSL Visibility ensures that all of your security tools can detect threats and signs of personal data exfiltration inside of encrypted traffic, which constitutes a major share of an organisation’s traffic and has become a highly popular means of obfuscation.

Content Analysis System and Malware Analysis bring state-of-the-art detection capabilities to detect even the most sophisticated malware and exploits to ensure that they are dealt with before a breach can take place.

Respond

Kontex have experienced professionals on hand to deliver comprehensive end-to-end incident response policies and plans to allow organisations to respond immediately to a data breach and mitigate the impact. Responding to Data Subject Access Requests (DSARs), handling data subjects' other enhanced rights and liaising with the relevant Supervisory Authorities are typically included in these policies and plans.

Security Analytics technology is able to provide incident response teams with the full context of what happened before, during and after a breach, including how the breach occurred, what data was compromised, and what measures are needed to resolve it. This technology makes it possible to deliver all of the necessary detail to authorities well within the 72-hour notification period.

Unified Analytics is able to help organisations gain deeper visibility into their cyber security resilience, better gauge their cyber insurance risk, and identify key areas for improvement in order to improve their security postures and minimise their cyber insurance costs.

Get in touch

Kontex Security Ltd

T: +353 (0) 62 43937

United States:

345 Park Ave # 1702, New York, NY 10154, USA

Ireland:

Maynooth Works, Maynooth University, Kildare, Ireland