Tackling the GDPR Dell EMC Index Engines Webinar
2 likes450 views
The document provides an overview of GDPR compliance strategies, focusing on data protection solutions by Dell EMC and Index Engines. It outlines intelligent workflows to classify, search, and manage personal data while addressing common myths related to GDPR. The partnership between the two companies leverages technology to facilitate effective personal data management and compliance with GDPR regulations.
Tackling the GDPR Dell EMC Index Engines Webinar
- 1. Dell EMC and Index Engines Overview Tackling the GDPR: An Actionable Approach
- 2. Presenters Mark Sanders, Dell EMC Global Sr. Director [email protected] Jim McGann, Index Engines Vice President, Business Development [email protected] Jim Shook, Dell EMC Director, Cybersecurity & Compliance Practice [email protected]
- 3. Agenda ▪ Brief Data Protection Overview ▪ GDPR from an IT Perspective ▪ Quick Overview ▪ Common Myths ▪ Intelligent Workflow to Support the GDPR
- 4. Questions Questions Type in the Chat Area
- 5. Dell EMC Data Protection Solutions Quick Strategy Overview Mark Sanders–Sr. Director, DPS Global Technology Office
- 6. 6 Protection Strategy Agent Based App Direct Cloud Native DPaaS Open Systems Mission Critical Next-Gen Future Appliances Commodity Object Private Cloud Public Cloud Protection Infrastructure Protection Infrastructure As A Service Configure Build Run Workload Categories Protection Service Catalog Managed Self-Service
- 7. Dell EMC and Index Engines Partnership ▪ Dell EMC Data Protection ▪ 5yrs + relationship ▪ 100’s of customers ▪ Tape Remediation, Risk Mitigation, 3rd Party SW Removal and LTR to the cloud ▪ Index Engines – Offers More…. ▪ Supports classification, search and management of personal data ▪ Architected for petabyte class data environments ▪ Management of both primary and secondary data sources
- 8. GDPR from an IT Perspective Jim Shook – Director Cyber Security and Compliance Practice – Data Protection Solutions, Dell EMC
- 9. What is GDPR? The basics TheGeneralData Protection Regulation(GDPR)is a newlaw which establishesa singleset of rulesfor every EUMemberState to protect personal data.It buildsuponandupdates the current EUdata protection framework. Effective date It will comeinto force on 25 May 2018.
- 10. GDPR Shortcut Myths - Addresses only a very small part of GDPR - Unintended consequences Encrypt everywhere!
- 11. GDPR Shortcut Myths Can be a key component to a GDPR strategy - Retention, Security, Search, Access But: - Only addresses certain data and data types - Excludes processes Archive everything!
- 12. GDPR Shortcut Myths Addresses only cross-border transfers - Limits on who is eligible - Risk due to pending cases Privacy Shield
- 13. GDPR Compliance End-User Data Public Cloud Data Center Data Use/Consent, Minimization Right of Access Right to Be Forgotten Cross-Border Transfers Security Search / Access Audited Retention & Deletion Tape Deletion & Migration Mapping & File Intelligence Private Clouds/ Cloud Geos Professional Services Remote Offices Protect / Detect / Authenticate Data Focused View
- 14. Unstructured Content ▪ Large (Often petabytes) of unstructured data ▪ Generally little insight into content ▪ Personal data: names, email addresses, etc. ▪ Expired: Often no retention, can be decades old ▪ Need some insight to begin classification ▪ Age: Created and last accessed ▪ File types: Logs, photos, productivity ▪ Locations / Paths: HR, Legal, Marketing, individuals
- 15. Intelligent Workflow to Support the GDPR Index Engines Introduction
- 16. Challenges of the GDPR ▪ GDPR introduces an overwhelming information management challenge, however, today we are here to present an intelligent workflow that will make easier work of the GDPR.
- 17. Workflow Overview Classify •Understand and categorize data Search • Find in-scope data Manage • Execute defensible disposition
- 18. Classify Data Assets ROT Out Of Scope In Scope • Redundant, obsolete and trivial data with no business value • Migrate to Dell EMC cloud to simplify management process • Data with value that does not contain personal content • Eliminate from GDPR queries ~ 40% ~ 50% ~ 10% • More manageable sub-set of all data assets • The focal point of GDPR queries
- 19. Light Metadata Indexing ▪ Capture file level metadata including: ▪ Leverage metadata reports and analysis ▪ Who owns what data (by user, by department) ▪ Frequency of data access (active vs. inactive data) ▪ Type of files and location ▪ Volume of data by capacity and server • File name • File path/location • Owner • File size • Dates (Created/Modified/Accessed) • Extension • ACLs (Read/Write/Browse Permissions) • And more
- 20. Light Metadata Indexing Specifications ▪ High speed crawl of data sources ▪ File servers, email servers, SharePoint servers, etc. ▪ For backup data, the backup catalog ▪ Industry leading indexing speeds reaching up 8,000 files/sec/node ▪ Efficient index storage - ~1% of original data capacity ▪ High speed search ▪ Minimized indexing server requirements ▪ Linearly scalable for large scale environments
- 22. Personal data is widely defined to mean any information relating to an identified or identifiable individual (known as a “data subject” under the GDPR). Personal data may include name, physical address, email address, identification number, location data, online identifier, credit card number, or health information. Personal Data
- 23. Deep Indexing Specifications ▪ Deep index only in scope data, typically a small subset of overall data ▪ Efficient index storage - 5% of original data capacity ▪ High speed indexing up to 1TB/hr/node ▪ Support for federated queries and archiving ▪ Linearly scalable for large petabyte class data environments ▪ Supports both network data, and legacy backup data assets
- 24. Flexible Search to Support the GDPR ▪ Comprehensive, flexible search options The combination of these extensive search options will allow you to find all personal data under management with considerable precision Type of Search Description Keyword Known strings such as: Name, address, TaxID, etc. Pattern Sensitive Information such as: Bank routing, social security, credit card numbers, etc. Concept Personal data that doesn't fall into above categories and can only be discovered through machine learning algorithms
- 25. Defensible Disposition of Data Assets ROT Out Of Scope In Scope • Purge or migrate to Dell EMC cloud • Will prove to deliver ROI to your preparation for the GDPR • Ignore • Monitor for future changes and requirements ~ 40% ~ 50% ~ 10% • Manage based on policy • Monitor in place, migrate, or archive
- 26. ROT Clean Up ▪ Minimize data assets by cleaning redundant, obsolete and trivial data ▪ ROT clean up will create a compelling ROI ▪ Reduce storage footprint and ongoing capacity upgrades ▪ Reduce data center infrastructure, including data protection costs ▪ Eliminate risk and exposure of unknown legacy content ▪ Most organizations can realize up to 40% ROI ▪ Fully loaded costs storage: Forrester: $955,500/100TB IBM: $4M/1PB ▪ Delete ROT or migrate to Dell EMC/Virtustream cloud storage (1PB of cloud storage < $360K/yr)
- 27. Migration and Archiving Features ▪ Build and store data policies to support disposition: ▪ Migration to new repository including the Dell EMC cloud ▪ Deletion of data with no business value ▪ Integrated archiving on disk or cloud ▪ Defensible process ▪ All migrations are logged for defensible audit trail of disposition ▪ As data is migrated all metadata remains intact
- 28. Security Features ▪ The GDPR mandates strict notifications and potential fines for data breaches and attacks on personal data ▪ Examples of Index Engines capabilities: ▪ Find documents containing personal information ▪ Use Activity Logs to determine who has accessed these files to find potential rogue employees ▪ Use Access Control Lists (ACLs) to determine who has read/write/browse permission for sensitive files ▪ Proactively clean up sensitive data so it does not breach the fire wall
- 29. Dell EMC Supporting Technologies for GDPR Right of Access Data Erasure (Right to be forgotten) Data Minimization / Retention Cross-border transfers
- 30. Next Steps Contact Dell EMC and Index Engines for a GDPR Readiness Assessment Dell EMC: [email protected] Index Engines: [email protected]