February 22, 2018

GDPR Part 3

Two weeks ago, I blogged about the challenges of implementing technology to enable General Data Protection Regulation (GDPR) compliance, and last week, I explained how object storage enables compliance. In today’s blog, we will take a look at what should be considered the most important aspect of GDPR, which is of course “data protection,” and how best-of-breed object storage can help secure your data. More specifically, we will examine the features of Caringo Swarm Scale-Out Hybrid Storage that provide Data Protection Officers with the information needed to monitor compliance.

Data Protection Capabilities of Object Storage

“Data protection” is a key stipulation of GDPR, specifically protecting personal data from theft and unauthorised access. To achieve this, it is imperative that data access control is incorporated within the storage system. Here the challenge lies with traditional block storage, where data security is generally controlled by the file system. This makes it possible for anyone with the know-how to bypass the filesystem driver and access the data directly at the storage layer, thus bypassing any filesystem security. Caringo Swarm Object Storage was designed so that you can police all data access requests and require a valid login and password or security token. When this is implemented correctly, the possibility of unauthorised data access can be eliminated. Even in a worst-case scenario (e.g., a client system is compromised), without valid storage credentials the intruder would remain isolated from all data stored within the Caringo Swarm ecosystem. Caringo Swarm’s inherent data security combined with advanced architecture protects your data from attacks utilising the likes of Meltdown and Spectre as well as ransomware attacks.

Data Encryption Brings Peace of Mind

Data encryption plays an important role in compliance as, over time, physical media such as disks will fail and be replaced. When it does, that failed media becomes a security risk. In the right hands (or worse, in the wrong hands), data can still be recovered from failed media. In fact, there are a number of companies that specialise in just this. Encryption at rest is included as a standard offering with Caringo Swarm. By enabling encryption at rest, you gain peace of mind knowing that even if your old media makes its way into the wrong hands, any data recovered from the media would be encrypted and useless to third parties.

Monitoring of the Proper Use of Data

Overseeing the security of data is only the beginning of GDPR compliance for Data Protection Officers. They must also make certain that those who have approved access to data are really only accessing what they need to do their job at any point in time. It is well publicised that many of the highest-profile data breaches have been inside jobs originating from trusted employees.

How can such inside breaches be avoided? The unfortunate answer is that often they cannot be avoided. Therefore, we must monitor what data is being accessed and by whom, looking for unusual data access patterns. Then, the Data Protection Officer must stop such breaches while they are still in progress and, hopefully, before any data is transferred offsite.

Monitoring Data Access Activity

Monitoring unauthorised data access attempts is critical in stopping possible data breaches in their tracks and before they have a chance to take hold. For example, if an unusually high number of failed data access attempts are occurring, then it’s likely that data is being improperly accessed and immediate investigation is warranted so the perpetrator can be stopped. It is for that reason that Swarm Object Storage creates a real-time audit log of all data access attempts, no matter whether the attempt is successful or not. These logs can be ingested into analytics applications for data access monitoring, both real-time and historical. Such analytics can provide an organisation and its Data Protection Officers with a powerful tool to not only monitor GDPR compliance, but also to alert the proper personnel in real time when compliance is jeopardised.
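As an added illustration (not code from this post or from Caringo), the following Python sketch shows the kind of detection an analytics pipeline could run over such an audit log: it raises an alert the moment a single principal accumulates five denied requests within one minute. The log line format, field names and sample lines are constructed assumptions for the example, not Swarm's actual audit format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit-log line format (an assumption, not Swarm's own):
#   <ISO-8601 timestamp> <client IP> <principal> <HTTP method> <object path> <HTTP status>
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<ip>\S+) (?P<user>\S+) (?P<method>[A-Z]+) "
                     r"(?P<path>\S+) (?P<status>\d{3})$")

def parse_line(line):
    """Parse one audit line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    rec["status"] = int(rec["status"])
    return rec

def find_failed_access_bursts(lines, threshold=5, window=timedelta(minutes=1)):
    """Flag principals whose denied requests (401/403) inside a sliding window reach
    `threshold`. Lines are assumed to be in chronological order. Returns one tuple
    (principal, client IP, time the threshold was hit, denials in window) per principal."""
    recent = defaultdict(deque)  # principal -> timestamps of recent denials
    alerted, alerts = set(), []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["status"] not in (401, 403):
            continue  # only denials feed the burst detector
        q = recent[rec["user"]]
        q.append(rec["ts"])
        while rec["ts"] - q[0] > window:  # evict denials older than the window
            q.popleft()
        if len(q) >= threshold and rec["user"] not in alerted:
            alerted.add(rec["user"])
            alerts.append((rec["user"], rec["ip"], rec["ts"], len(q)))
    return alerts

# Constructed sample: 'alice' is denied five times within 25 seconds, 'bob' twice
# several minutes apart, one request succeeds and one line is malformed.
SAMPLE_LOG = [
    "2018-02-22T10:00:00 10.0.0.5 alice GET /bucket/hr/payroll.csv 403",
    "2018-02-22T10:00:05 10.0.0.5 alice GET /bucket/hr/contracts.pdf 403",
    "2018-02-22T10:00:07 10.0.0.9 bob GET /bucket/sales/q1.xlsx 200",
    "2018-02-22T10:00:10 10.0.0.5 alice GET /bucket/hr/reviews.docx 401",
    "2018-02-22T10:00:15 10.0.0.5 alice GET /bucket/hr/salaries.csv 403",
    "garbled line that does not parse",
    "2018-02-22T10:00:25 10.0.0.5 alice GET /bucket/hr/bonuses.csv 403",
    "2018-02-22T10:00:30 10.0.0.9 bob GET /bucket/legal/nda.pdf 403",
    "2018-02-22T10:03:00 10.0.0.9 bob GET /bucket/legal/nda.pdf 403",
]
```

Running `find_failed_access_bursts(SAMPLE_LOG)` yields a single alert for alice at 10:00:25 with five denials; bob's two denials fall outside the one-minute window of each other and stay below the threshold.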

