IT Security Guru

Many CEOs Falsely Led To Believe Company Is GDPR Compliant

by The Gurus
November 12, 2019
in Data Protection, Featured

Delphix, the data virtualisation platform, has found that companies in the UK are leading their CEOs to believe they are compliant with GDPR (General Data Protection Regulation), when they actually have significant amounts of unprotected personal data. This was revealed when Delphix spoke to custodians of data to hear what they have to say when it comes to balancing access to data with data security.

Companies today are rushing to be more digital and for many organisations that means innovating at breakneck speeds. It becomes easier for things to fall through the cracks, and development / testing environments become a security minefield as a result.

With so many loosely managed and often unrefreshed development and test environments out there – both on-premises and in the cloud – Delphix spoke to CISOs, CIOs, testers and developers at UK companies to find out the state of play at their organisations.

Compliance conundrum

A key finding that emerged was that many businesses are either unaware of or, worse yet, unperturbed by the non-compliance of their test data – despite GDPR having cemented its position as a key business consideration in Europe.

The Vice President at an organisation revealed to Delphix that they do not mark personal data at all. This alarming finding was further echoed when a developer revealed that he did not know if any of their test data is GDPR compliant at all.

Perhaps even more shocking was a CISO admitting to telling their CEO that the company was GDPR compliant, despite having terabytes of unprotected personal data in non-production.

Keeping it confidential

Another key finding pointed to how many unauthorised personnel within companies were privy to confidential information they shouldn’t have access to. From salary details to private employee details, sensitive personal data is often held in test systems – a recipe for an embarrassing data breach.

One developer Delphix spoke to admitted to finding out the salaries of everyone who works in Accounting because of unmasked HR data. Another developer echoed this with the revelation that the server sitting under their desk contained a multitude of data they should not have access to.

On the other side, it was revealed that those who should be aware of sensitive data were in the dark with a CISO of an organisation disclosing that he had no idea how to find all of the company’s sensitive data and was certain that the vast majority of it is completely exposed.

Speed is of the essence

When trying to get to the root of the problem, Delphix found that a key reason for these bad – and at times non-compliant – data practices was frustrated developers who require data fast but aren’t able to get it because data environments are expensive and time-consuming to create.

A DevOps Engineer let slip to Delphix that he averages 100 Battle Stars on Fortnite while waiting for data. Meanwhile, a tester admitted to spending at least 1 day a week browsing the web because of the time they spend waiting on data.

This points to a significant issue amongst UK businesses today – private data is not being treated with the care that it should be and key decision-makers within organisations are completely unaware of this.

Word to the wise

“These confessions should come as a wake-up call to the C-suite,” said Eric Shrock, CTO at Delphix.

“It is clear that the vast majority of top-level execs are blissfully unaware of how easily accessible their highly sensitive data is. Pair that with growing frustration amongst developers looking to acquire data quickly and we have the perfect recipe for disaster,” he added.

The vast majority of sensitive data in an enterprise exists in non-production environments used for development and testing. In fact, these environments represent the largest surface area of risk in an enterprise, where there are up to 12 copies for non-production purposes for every copy of production data that exists.

Businesses must therefore invest in enabling their development teams to build better software, both faster and more securely. Elements such as self-service data controls and data virtualisation can enable development teams to access a dataset whenever they need it, for the environment they need it in – eliminating the need for a ticket-driven, request-fulfil model where teams have to wait on data for days on end.
