The impact of GDPR: Privacy and protection by design and default
The initial impact of the General Data Protection Regulation (GDPR) is only weeks away, with many companies still facing a significant amount of work to be in full compliance. Among other things, how companies design and configure their network will be key to ensuring GDPR compliance. This is because the GDPR will require data protection by design and default, which effectively means IT and network managers will need to implement appropriate technical and organisational measures in order to secure personal data. Doing so will be crucial for their companies to avoid having to notify a breach, which, needless to say, can cause irreparable harm to a company’s business and reputation.
The GDPR will require data controllers and data processors (in effect, their IT and network managers) to implement appropriate technical and organisational measures in order to protect the personal data in their custody. This means configuring and operating your network to facilitate data protection will become imperative for GDPR compliance.
Network design and configuration for data protection
At the very minimum, a firewall can be your front line of defence against cyber-attacks that can cause personal data breaches. However, maintaining perimeter security has become a major challenge because firewalls themselves can become an unwitting security risk if not managed effectively. A managed firewall mitigates this risk by ensuring that it is constantly monitored, configured, maintained and upgraded by experts.
Colt’s range of managed firewall services is designed to meet various security needs, from protecting the Internet access of a single office to protecting multiple sites on an IP VPN, with different technologies to meet operational requirements and balance performance against cost.
Colt’s managed firewall service options include physical infrastructure dedicated to a single customer or a virtual firewall. The virtual firewall delivers the benefits of a physical firewall in a more cost-effective way, because virtualisation of the firewall enables fast provisioning and unlimited scalability and eliminates the need to maintain a physical network appliance.
Encryption as a defence against data breach
Effective network security, however, relies upon multiple layers of defence, not just at the edge and core of the network but also along the network path. While much of the focus on security is on users and applications, protecting in-flight data as it travels across the network is a critical part of a holistic security strategy. Network encryption should therefore be considered a necessary element of a comprehensive approach to data protection, in combination with other measures such as a firewall.
Optical encryption is available as an integral part of Colt’s Wavelength (“Colt Wave”) and Private Optical Networks (“Private Wave”). Fully transparent to Ethernet, IP and other network protocols, it provides the very highest levels of performance and security. Optical encryption is embedded in the optical hardware for maximum security and performance – therefore it is ‘always on’. Any traffic that has to traverse the optical backbone becomes encrypted by default, reducing the risk of exposure through interception and without incurring any latency “penalty”. The customer retains full control over their own encryption keys, supported by dedicated secure access for encryption key management.
With so much data also being transported by voice, it also makes sense to reduce the potential of this medium as an attack vector. Colt’s voice encryption provides additional security for your voice services, including both SIP signalling encryption and audio encryption, both of which provide confidentiality and message integrity for media streams.