With less than 12 months before the General Data Protection Regulation (GDPR) is enforced, the clock is well and truly ticking. With today’s complex IT environments and cloud deployments, having everything in place on time is a real challenge, especially when the aim is to avoid a fine that can be up to 20M€ or 4% of global revenues. Surprisingly (or not), this has caught the attention of board members around the world.
Application and data security is not the least of the requirements reinvigorated by GDPR. The ability to deliver applications that are both ‘secure by design’ and adhere to the ‘privacy by design’ philosophy will be an incentive for DevOps teams. Such expanded teams will gain great benefits from the expertise of their security-trained members. They will also be able to leverage tools they have learned to master to:
- Encrypt data, both at rest and in transit,
- Enforce the authentication of rightful users to the applications used to access the data,
- Ensure the integrity of the devices used by those users to log in to those applications,
- Proactively detect IT vulnerabilities to reduce the attack surface,
- Prevent attacks targeting the web applications serving this data, with a view to preventing identity theft and data leaks,
- Prevent attacks targeting the web services automatically consuming and computing the data.