Skyhigh Networks is marking the one-year countdown to the new General Data Protection Regulation (GDPR) with new management tools to understand GDPR compliance risks across shadow, sanctioned and custom cloud services, and implement controls to conform to the regulation. Skyhigh has also made available a comprehensive eBook, The GDPR: An Action Guide for IT, that outlines the steps organisations must take to comply with the new law.
May 25, 2017 will mark one year until the implementation of GDPR, which details how personally identifiable information (PII) on the EU’s 500 million citizens should be managed, and which applies to anyone globally who handles data on EU citizens. The new regulation will also introduce larger fines, expanded liability and stricter data protection requirements.
The new regulation has 99 articles and covers many forms of data risk. Being compliant with GDPR takes a mix of knowledge, processes, policies and training, as well as detailed understanding of data flows to and from cloud services, all coming from a “privacy first” IT philosophy. Skyhigh was one of the first CASBs to roll out a GDPR-focused solution designed to help businesses navigate this complex regulation, and today continues that global leadership with new offerings including:
- A GDPR ‘Risk Rating.’ Businesses can view a GDPR ‘Risk Rating’ for every cloud service, allowing them to review the cloud service’s usage within their business and implement appropriate controls to reduce the risk of a compliance violation. The GDPR Risk Rating is based on more than 20 different cloud service attributes contained in Skyhigh’s Cloud Registry, weighted to reflect the importance of the GDPR’s requirements. Customers can implement a variety of controls, from blocking non-compliant cloud services to enforcing data loss prevention (DLP) policies, restricting external file sharing, logging usage data for investigations, and enforcing access control policies based on geolocation and device.
- Advanced encryption. Businesses can implement encryption for both structured and unstructured data with customer-managed keys and ensure data is encrypted in jurisdiction. In addition, encryption policies can be configured or set up as a response action to any DLP policy for unstructured files and attachments.
- The GDPR: An Action Guide for IT. This 68-page eBook is intended to help IT leaders take the steps required to ensure conformance to the GDPR. It is a practical guide IT can use to review their current data and data handling methods, and to put in place the appropriate policies, procedures and technical measures to conform to the GDPR. The GDPR: An Action Guide for IT incorporates text from the GDPR, and includes links to the full published legislation, clarification on data protection rules and frequently asked questions compiled from GDPR education sessions over the last year.
“Given the complex requirements of the GDPR and its governance on where data goes, how it is shared and who can access it, businesses need to take a holistic approach to GDPR compliance,” said Anand Ramanathan, VP of product management, Skyhigh Networks. “With Skyhigh, businesses can confidently understand GDPR compliance gaps and implement necessary controls to address them across all cloud services – shadow or unsanctioned services, sanctioned services like Office 365, Box, Salesforce and Slack, and custom applications running in public infrastructure-as-a-service platforms.”