Record fines to be expected from DSGVO / GDPR

The EU Commission has further modernized the rules for the data economy. The record fines from the GDPR over the past ten months reveal that companies are already overwhelmed when it comes to complying with existing rules.

The task becomes more difficult as new regulations are added and the amount of data grows. It's time for companies to fundamentally rethink their data management to finally regain control and contain compliance risks.

GDPR: Already 1.6 billion euros in fines

Around 1.6 billion euros is the sum of all the fines that have been imposed on companies since the introduction of the EU General Data Protection Regulation (GDPR) on May 25, 2018. Organizations from around the world have been penalized for violations. In the past 12 months alone, European data protection authorities have imposed severe penalties on five prominent American technology companies. These five cases represent fines of more than 1.2 billion euros.

The number of reported violations of the GDPR has also increased faster than ever in the same period, from 639 to 1037. When the regulation celebrates its fourth anniversary on May 25, the year 2021 will set records for fines. Anyone who had hoped for a more lax interpretation of the guidelines because of the pandemic will be surprised.

Over 1,000 reported violations

During this time, other strong trends have emerged. Rapid digitization, the pandemic and remote working as a quick and smart answer to this have created more data in more and more places. Companies are obviously no longer able to keep up with this explosion of data and data silos, especially since the general conditions are changing again.

In March, Ursula von der Leyen, President of the EU Commission, and Joe Biden, US President, jointly announced that they would adopt new regulations for transatlantic data traffic. When this Trans-Atlantic Data Privacy Framework, also known as the "Privacy Shield 2.0 Agreement", will come into force as the new legal basis has not yet been decided. But this rule will also have an impact on how companies with international business handle their data, how they process, transfer, store and archive personal data. And just a month earlier, the EU Commission presented new approaches with the "EU Data Act" to regulate the data market in Europe.

View of the data distorted

Many companies have their data spread across many locations. And as the number of breaches shows, they are finding it increasingly difficult to manage this archipelago of proprietary isolated islands of data. IT teams must devote significant time and resources to addressing governance, archiving, and compliance issues. The distorted image causes a number of glaring problems that grow with the amount of data and the number of regulations. In this way, it is almost impossible to see whether data is redundant, whether critical personal data is stored in risky locations or whether it has been overlooked in the backup plan.

A company can get these islands under control with processes and individual tools, but must reckon with high infrastructure and operating costs, a lack of integration between the products and increasingly complex architectures. And it is questionable whether in such a fragmented environment all data is protected from ransomware and whether important tasks such as rapid recovery can be implemented in the time and quality required to keep operations running.

Wolfgang Huber, Regional Director DACH at Cohesity, therefore recommends that companies break away from the archipelago and look for a next-generation approach to data management. On this basis, companies can break down and merge data silos and radically simplify complex architectures. All data stored in it can be managed much more strictly according to compliance requirements and better protected against ransomware.

Realize the value of the data

Businesses need to know what data they own and what value it has. Only then can they answer questions of governance and compliance and, for example, ensure that certain types of data do not leave certain storage locations. They also need a precise overview of who can access this data, for example to discover overly privileged users. And they can use AI/ML technology to detect unusual backup or access patterns, or other anomalous behavior. These indicators help to identify possible internal and external attacks such as ransomware at an early stage and to initiate countermeasures.

Gain a unified view of the data

Ideally, all these functions and the overview of the data landscape can be reached via a single console that only authorized users can access thanks to multi-factor authentication and access control lists, regardless of whether the data is stored in a hybrid cloud or in a SaaS service.

Establish resilient infrastructure

The data itself should be brought together in a central data management platform, ideally based on a hyperconverged file system, which scales up and takes the Zero Trust model even further. In addition to the already mentioned strict access rules and multi-factor authentication, the platform should create immutable snapshots. No external application or unauthorized user can change these snapshots.

Companies should strongly encrypt the data both during transport and storage so that they are better protected against manipulation attempts and cyber attacks such as ransomware.

Data management as a service

Some companies today don't want to handle tasks entirely themselves, whether because they shy away from the investment, their IT teams want to focus on other more important tasks, or they are simply looking for help. In these cases, you should rely on a provider that offers so-called Data Management as a Service (DMaaS). This portfolio of Software-as-a-Service (SaaS) offerings is designed to provide radically simple ways for enterprise and mid-market customers to secure, manage, and analyze their data.

More at Cohesity.com

 


About Cohesity

Cohesity greatly simplifies data management. The solution makes it easier to secure, manage and create value from data - across the data center, edge and cloud. We offer a full suite of services consolidated on a multi-cloud data platform: data backup and recovery, disaster recovery, file and object services, development / testing, and data compliance, security and analytics. This reduces the complexity and avoids the fragmentation of the mass data. Cohesity can be provided as a service, as a self-managed solution, and through Cohesity partners.


 
