Azure Government CISO Matthew Rathbun and Relativity CSO Amanda Fennell explain how the upcoming General Data Protection Regulation (GDPR) will impact global security regulation for cloud data.
This is the final interview in a series of videos with Azure Government CISO Matthew Rathbun and Relativity CSO Amanda Fennell. The other videos may be found here:
- How Microsoft's Azure fends off 7 trillion cyber events per day
- How Relativity's automation defends Microsoft's Azure cloud
- Why Microsoft spends over $1 billion on cybersecurity each year
- How advanced analytics protect Azure from cyberattacks
The GDPR will be coming up in just a few months. TechRepublic met with Azure Government CISO Matthew Rathbun and Relativity CSO Amanda Fennell to discuss how can companies, big or small, can incorporate a cyberdefense strategy into a multi-cloud strategy, or a cloud strategy that will have to look at multiple policies and regulations dealing with how personal identifiable information is used and stored. Below is a transcript of the interview.
Rathbun: Today, it starts with classifying and tagging data and data streams, knowing where the information is and making that available, searchable and quickly able to be exercated as necessary to comply with the law. What we're moving to in the future is, one of the advantages of the cloud, is we really start pushing security into the data layer itself. So we start with that initial layer of tagging. We eventually get to robust data loss prevention solutions, conditional access solutions, attribute based access control solutions, where I can start saying, "This individual piece of information, like my social security number as an example, has inherit and intrinsic security capabilities baked into itself at the data layer that then effects what devices, what individual users, what applications are allowed to interact with it."
And that's part of the overall digital transformation and cloud migration story.
Fennell: The only thing I'd add on is just the governing side of it. I think that the question everyone has to indeed ask themselves, is becoming more prevalent whenever you have this kind of irregulation or compliance that comes out of you is where is your data and is it secure? And there's a huge aspect of governance that has to go into that. And that's why the tagging and being able to understand where everything is, is a great part of that.
- How to get your company on track to comply with GDPR (TechRepublic)
- GDPR coming in 4 months, but only 38% of UK businesses are aware of it (TechRepublic)
- Why US law firms will be affected by GDPR (TechRepublic)
- As EU's General Data Protection Regulation (GDPR) looms, tech vendors ready pitches (ZDNet)
- The General Data Protection Regulation (GDPR) (TechRepublic PDF download)