How to integrate cyberdefense tactics into a multi-cloud strategy to comply with the GDPR

Azure Government CISO Matthew Rathbun and Relativity CSO Amanda Fennell explain how the upcoming General Data Protection Regulation (GDPR) will impact global security regulation for cloud data.

How the GDPR will impact cloud security

This is the final interview in a series of videos with Azure Government CISO Matthew Rathbun and Relativity CSO Amanda Fennell. The other videos may be found here:

The GDPR will be coming up in just a few months. TechRepublic met with Azure Government CISO Matthew Rathbun and Relativity CSO Amanda Fennell to discuss how can companies, big or small, can incorporate a cyberdefense strategy into a multi-cloud strategy, or a cloud strategy that will have to look at multiple policies and regulations dealing with how personal identifiable information is used and stored. Below is a transcript of the interview.

Rathbun: Today, it starts with classifying and tagging data and data streams, knowing where the information is and making that available, searchable and quickly able to be exercated as necessary to comply with the law. What we're moving to in the future is, one of the advantages of the cloud, is we really start pushing security into the data layer itself. So we start with that initial layer of tagging. We eventually get to robust data loss prevention solutions, conditional access solutions, attribute based access control solutions, where I can start saying, "This individual piece of information, like my social security number as an example, has inherit and intrinsic security capabilities baked into itself at the data layer that then effects what devices, what individual users, what applications are allowed to interact with it."

And that's part of the overall digital transformation and cloud migration story.

Fennell: The only thing I'd add on is just the governing side of it. I think that the question everyone has to indeed ask themselves, is becoming more prevalent whenever you have this kind of irregulation or compliance that comes out of you is where is your data and is it secure? And there's a huge aspect of governance that has to go into that. And that's why the tagging and being able to understand where everything is, is a great part of that.

Also see

Image: iStock/Tanaonte