Reach for the cloud as GDPR compliance beckons

24 May 2018

The cloud is growing fast. So fast, in fact, that in 2017 it expanded seven times faster than non-cloud computing, according to a report by global market intelligence provider IDC[1], with spending on cloud forecast to top $122bn. This is giving businesses an array of benefits over on-premise alternatives, including financial, productivity and security gains[2]. 90% of business leaders polled in a survey agreed that cloud-based collaboration improves efficiency, dexterity and innovation. So, is there a catch?

In competitive markets with lean margins, agility and efficiency make all the difference. GDPR will be yet another burden that distracts from the day-to-day focus on core business. In the security sector, some are still reliant on on-premise video-management storage solutions that will require increased investment in cybersecurity measures in-house to ensure the protection of Personally Identifiable Information (PII). With so much at stake, we discuss three areas where hosted video management (VSaaS) could assist in ensuring GDPR compliance:

1) Accessing the data – the importance of two-factor authentication

The main purpose of the GDPR is to increase the protection of PII. One of the first barriers a hacker must contend with when attempting to retrieve high-value data online is a password, so it is important that this has been set up properly. The problem is that many physical security installers set standard log-in details for all installations for speed, leaving the end-customer to implement new usernames and passwords themselves. If this vital step isn’t taken, once a hacker has cracked the code for one system they could easily break into other organisations’ systems with the same login details.

There are two ways to address this problem. The first is end-user education: when deploying a new system, the customer should always change passwords and ensure these are difficult to crack. But this approach will always be open to user error and, in the context of GDPR, could prove costly. The second, and more effective long-term solution, would be to give users the ability to deploy two-factor authentication such as a PIN, providing an additional layer of protection. The Morphean platform takes cybersecurity to the next level with heightened password security measures such as this, helping to ensure PII remains impenetrable.

2) Recording the audit trail – identify who is accessing your system and why

The new GDPR requires firms to keep a forensic copy of all communications entering and exiting an organisation. This is important to ensure the ability to demonstrate compliance with the regulation; without having a record of how data is handled, it will be almost impossible to effectively prove the correct procedures are being undertaken.

Generic login information will also create problems here. With on-premise systems, it may be difficult for a business, such as a retailer with many stores, to know who is accessing what data, when and how. This is because the system may not be integrated with similar systems in other stores, making it impossible to ensure that an employee without the correct permissions, for example, cannot access certain restricted information, which would be in breach of the GDPR. The Morphean platform addresses this by connecting systems in the cloud, utilising unique logins to ensure activity on a system can be attributed to a specific user.

3) The physical security of on-premise data

Storing PII on-premise creates another problem: what if the hard drive storing video data is stolen? While a physical security system, such as CCTV and access control technology, is of course designed to protect businesses from physical break-ins and thefts, if an attacker is also able to steal the hard drive on which the video footage is stored, it becomes incredibly difficult to identify the culprit and track any other stolen goods. This is a major benefit of a cloud-based video management platform, as an IP-enabled CCTV system will save footage to the cloud, well out of view of prying eyes.

[1]https://www.networkworld.com/a...

[2]https://www.trackvia.com/blog/...