In May 2018, the General Data Protection Regulation (GDPR) will come into effect, significantly increasing the burden of responsibility on all companies that process personal data. The purpose of the new regulation is to protect and empower EU citizens’ data privacy and rights among the 28 member states. It will also reshape the way organisations across the region approach data privacy. Its implications are far reaching, as it doesn’t just apply to companies that are based within the EU but also those that provide goods or services within it.
Data breaches – either unintentional or as a result of malicious activity – have become increasingly common in recent years with some very high profile businesses counting direct losses measured in the millions. Big names impacted in 2017 include Equifax, Uber, and the UK National Health Service (NHS), according to Gemalto’s Breach Level Index, with sectors such as Financial Services, Health Care and Retail at the highest risk.
But it’s not just the reputational damage and lost customers that lead to direct financial impacts – averaging $3.62m per breach in 2017 according to Ponemon and IBM research. The fines for lack of GDPR compliance can run to 4% of a company’s revenues, meaning no organisation can afford to ignore the threats to personal data security or the implications of GDPR.
However, Gartner predicts that “By the end of 2018, more than 50% of companies affected by GDPR will not be in full compliance with its requirements.” * meaning the majority of organisations affected still have a lot of work to do.
Expanding on existing best practice legislation that has existed in the Netherlands since 2016, GDPR extends this to the whole of the EU with new provisions for encryption. In particular:
- In the event of a data leak or breach, businesses will be required to notify affected individuals unless the compromised data is encrypted or otherwise unintelligible to third parties.
- Failure to comply with the necessary precautions in conjunction with a subsequent data breach may result in fines up to 4% of company turnover.
Yet according to statistics from Gemalto’s Breach Level Index, in 2017 only 4% of breaches were ‘secure breaches,’ where encryption rendered the stolen data useless.
When it comes to meeting the security challenge, the first part of the solution is to embed good working practices, security protocols and standards across an organisation at every level. The second part is the effective deployment of technologies, such as encryption to make the information platform as secure as possible.
The continuing trends towards adoption of cloud computing and storage means ever larger data volumes must be secured at rest. The backbone network is a key focus area of any security and encryption solution, so data can be safely transmitted from one facility to another. A recent Risk Advisory from Deloitte notes that the GDPR formally recognises the privacy benefits of encryption, including an exemption from notifying individuals of data breaches when data is encrypted. However, this does not mean that organisations can afford to be complacent, and the exemption may not apply when weak encryption has been used. Given the potential fines, organisations have further impetus to increase their focus on a robust information and cyber security regime.
So, as well as protecting data as it traverses the network, encryption solutions need to be cost effective, scalable and flexible. This is to ensure that high levels of performance can be maintained in the face of business changes or increasing network demands.
Always on encryption
The advanced encryption feature of Colt Private Wave provides highly efficient, ‘always on’ encryption to all the services that traverse a high capacity optical backbone link. Operating at Layer 1, it transfers data at wire speed without compromising latency or bandwidth performance and allows additional high bandwidth services such as 100G Ethernet and Fibre Channel to be added easily and seamlessly to an encrypted link. Embedded on the optical layer, it’s cost effective with minimal additional power and space requirements. One of many advantages of a Layer 1 optical solution is that all higher-layer traffic streams that traverse it become encrypted by default, without the need to add additional encryption devices to each higher layer service. Colt Private Wave delivers encryption as part of a solution based on a customer-dedicated infrastructure, thus ensuring the highest levels of security and operational separation. With over 12 years’ experience and over 4,000 services delivered to a wide range of blue-chip clients, Colt has a reassuring track record in the delivery of high capacity private optical solutions for backbone, disaster recovery and network consolidation architectures.
To further support customer demands for security and privacy in 2018, particularly for inter-data centre traffic – which Equinix claims is where traffic levels are accelerating fastest – Colt will launch encryption as a feature for standard Metro, National and International Wave services such as 10Gbps LAN PHY and 100G Ethernet. Following a major upgrade in 2016-2017, the Colt IQ Network has enabled over 120 leading-brand data centres across Europe, Asia and the USA with high capacity optical equipment, with onward access to over 800 data centres globally, underpinned by its wholly-owned metro and long-haul fibre assets.
Nigel Tromans is Product Manager, Wave, at Colt
*Gartner Press Release, Gartner Says Organizations Are Unprepared for the 2018 European Data Protection Regulation, May 3, 2017, https://www.gartner.com/newsroom/id/3701117