“For GDPR compliance, the physical security of the data processing infrastructure is as critical as the digital management,” said Robert Neave, chief technology officer and co-founder of solution provider Nlyte Software. “The concern of physical infrastructure extends beyond an organisation’s data centre, and includes colocation facilities, managed service providers, hosting services, SaaS vendors, and virtually any XaaS vendor.”
For organisations to comply with upcoming regulations, Nlyte’s GDPR solution provides the ability to track the physical IT infrastructure where the data resides, how those physical assets are managed and maintained, and who has made changes to those resources. With Nlyte’s GDPR compliance support, organisations handling EU citizens’ personal data within data centre facilities can gain compliance and peace of mind, aligned to specific provisions within the EU’s GDPR.
This is critical since the GDPR, the EU’s General Data Protection Regulation, has been established for the protection of personal data. The law explicitly defines personal data, how it can be used, and how it should be protected and managed. All electronic customer data resides on physical assets, is processed on these assets, and is accessed across a network. If an organisation does not know where its customers’ data physically resides, it cannot truly understand the risks posed by malevolent or non-malevolent events occurring to those systems.
Nlyte can claim it provides robust agentless IT discovery, asset management, and asset integrity monitoring throughout the asset lifecycle. This combination of functionality is key in helping any organisation track data at rest and the infrastructure used for that data. The GDPR solution provides a consistent mechanism for the tracking of assets within an organisation, which includes: the physical locations of the assets; usage of the assets; end-to-end lifecycle management of the assets, both physical and logical; manual and logical auditing of assets; and connection into an organisation’s ecosystem/ITSM systems for the logical mapping of a data subject’s (personal and/or customer) data.
The solution provides support for processes related directly to specific articles within GDPR:
• Article 35, Data Protection Impact Assessment – through Nlyte Workflow. Workflow provides the ability to assign a data protection officer’s review activity within any IMAC data centre process. This includes a GDPR form that captures the asset name, the application name, and whether the system is running or hosting customer data.
• Article 17, Right to Erasure (Right to be Forgotten) – Nlyte Asset Management provides the Controller the ability to flag/track the lifecycle of all assets that have been used for the storage or processing of data subjects’ (personal/customer) data.
• Article 58, Investigative Powers – Nlyte Asset Tracking, along with business applications mapped to Nlyte’s Asset Optimization database, supports compulsory data protection audits. Nlyte Discovery provides asset integrity monitoring by ensuring all assets and applications are aligned correctly within the physical compute infrastructure. Additionally, it identifies any assets or applications that have changed in or out of authorised workflow and compliance standards.
• Articles 59, 33, 33a, Activity Reports, Data Breach Notification to authorities – Nlyte Impact Assessment Reports list assets that have been flagged for GDPR tracking, providing Executive Summary or Operation Drill-down views.
• Article 45, Transfers on the Basis of an Adequacy Decision, International Companies – Nlyte lifecycle tracking of assets, and their movements between locations, provides accountability and compliance visibility and reporting.
“Recent outages and hacks exploiting vulnerabilities at the physical layer have highlighted some of the risks organisations’ data is exposed to in today’s digital world,” said Doug Sabella, Nlyte CEO and president. “For too long organisations have been exposed to potential power outages or known vulnerabilities with firmware/software on physical assets. The Nlyte GDPR solution will help mitigate these varied risks while also reducing the time to show GDPR compliance.”