Professional Documents
Culture Documents
Basis
Privacy is a Human Right
Objectives
Protect citizens from abusive data usage by
data-controlling and processing organisations
Protect citizens from data breaches
Improved visibility and reduced cost of
compliance for organisations
GDPR Explained
What is GDPR? Why is GDPR important?
Foundation for how organizations protect, &
The largest set of corporate legislation since
derive value from sensitive customer information
employment law was introduced
Mitigate the risk of:
- lost customer confidence & sales
Consolidation & enhancement of existing Data - security breaches
Protection legislation - fines
- sanctions
- potential lawsuits
Mandatory by May 2018 Provides greater control & insight into customer
needs
4
What are organizations doing now?
Todays challenges
Current approaches to addressing GDPR are largely ineffective
GDPR is complex meaning organizations find it difficult to map technology
Most solutions are inflexible & cant automate activities on a large scale
Todays reality
Businesses are largely unprepared for the full impact of GDPR
Few organizations would be considered compliant today
Consequences
Less serious violations, the maximum is 10 million or 2% annual turnover (whichever is higher)
More serious violations, the maximum is 20 million or 4% annual turnover (whichever is higher)
5
Compliance is only one part of the GDPR story
GDPR
Revenue Generation
6
How HPE can help with GDPR
9
Proposed GDPR Information Governance Platform
Over-arching architecture for GDPR for long-term implementation
Unstructured
Apply GDPR Compliance
Classify
rules Legal / Audit
ControlPoint Dispose
Dispose ROT
Reduce Archive
Manage-In-place
Migrate to Cloud
12
Data mapping
Identify and index to understand your information landscape
Connect and identify repositories
Common data sources include:
File systems
MS SharePoint
MS Exchange
Notes
Hadoop
HPE TRIM, Records Manager & Content Manager
Index
Metadata only index (light index)
identifies redundant, obsolete and trivial data
Provides insight into data aging and business relevance
15
Automated records declaration
Ensure business critical content is managed appropriately
HPE ControlPoint
Shared drives Selects records based on declaration
policies linked to IDOL categories
Policy Auto-declaration
SharePoint
Categories
Filing Auto-classification
Categories
ECM systems HPE Content Manager
Allocates filing location based on
classifications linked to IDOL categories
Archives and automatic folder creation rules
16
Manage information across the lifecycle
With HPE Content Manager
DoD5015.2 security,
Desktop, SharePoint BCS or Matter Centric
SharePoint exposure Single instancing
& LOB integration Extensive security
Secure links Tiered storage
Manage-In-Place, Workflow, Approvals
Web publishing Retention policies &
High volume ingestion Reporting
triggers
The information lifecycle
External sources
18
The Automated Retention Management solution
Iron Mountain Policy Center HPE Content Manager
retention policy management system for records governance-based enterprise content
retention and defensible destruction management across the lifecycle of information
HPE
Desktop
Content Email
Manager
SAP
Custom interfaces
Finance &
HR
Property &
rating
Web
20
HPE Structured Data Manager
Enterprise Management for Structured Data
Performance Optimization Application Retirement Test Data Extraction Search & eDiscovery
Reduce data footprint & Decommission redundant Extract subsets of data for Index application data for free
storage costs applications use in application text search across silos
Maintain application Preserve access to retired development Identify and extract relevant
performance data Mask sensitive data sets of data for legal
Improve backup & recovery
21
HPE Structured Data Manager: how it works
Managed data
data
ingestion
delete overwrite delete replace replace
.
App1 App2 App3 App4 App n
23
HPE Information Management & Governance
Comply with confidence
Digital Safe
VM Explorer Verity Archiving
Investigative Analytics
Connected MX
eDiscovery / Legal Hold
Product mapping: solutions vs GDPR use cases
Use Case Pain Points HPE Solutions
Personal Data Assessment What and where is the information that will HPE ControlPoint
fall under these regulations? HPE Structured Data Manager
26
Data Security
data privacy by design and default
28
Traditional data security
Simplified Compliance
More Secure Analytics
Easier Move to the Cloud
Safer Back-End Storage
Field level, format-preserving, reversible data de-identification
Customizable to granular requirements addressed by encryption & tokenization
SST FPE
31
Mapping the Flow of Sensitive Data
4040 1234 1234 9999 4040 1234 1234 9999
Elen Smith Elen Smith
Mainframe
Database
CC
Processing
84% of breaches
occur at the
56% of organizations
have been the 45 Days
target of a Cyber Average time to resolve a
application layer Cyber Attack
attack
67%
of breaches
reported by a 60%
of Organizations
spend more time 10% Percentage of
malware alerts
and money on
3rd party reactive measures deemed to be reliable
Source: HP internal data, Forrester Research, Ponemon Institute, Gartner 35
Intelligent Security Operations
Proactively detecting and managing breaches
Key Points
Servers
# logs &
events Alerts Increase
Speed up
increases identified speed to
investigation
exponentially detection
ArcSight monitors, analyzes and detects threats and risks across organizations and enterprises
1: 2: 3: 4: 5: 6: 7:
Collect Normalize Enrich Store Search Detect Analyze
machine data from data from various collected data Years worth of with a simple and Anomalies and Identify and trace
almost any source vendors into a with taxonomy, data through a easy to use user cyber threats with the patterns of
industry network and high compression interface use cases threats or
accepted assets specific ratio of up to 10:1 breaches or even
common event details suspicious
format behaviors
Product mapping: solutions vs GDPR use cases (ESP)
Use Case Pain Points HPE Solutions
Encryption & Pseudonymisation How can I grow my business while ESKM (Enterprise)
ensuring sensitive data is protected? SecureData
How can I protect my brand and SecureMail
business reputation by neutralizing
damaging data breaches?
How do I manage the volumes of
sensitive data-at-rest?
Breach Response & Reporting How do I know if I have already been ArcSight, UBA & DMA
breached? SecureData
How to quickly know that a breach has SecureMail
taken place and enable the security ESKM
team to take steps to contain it,
recover and find the root cause.
Breach Prevention & Neutralization How can I neutralize the impact of a ArcSight
data breach? Fortify on Demand
How is it possible to protect my data Fortify Application Defender (FoD)
and neutralize the impact of data SecureData
breach, including the need for breach SecureMail
notification? ESKM
Why to chose HPE for GDPR compliance
HPE win points
Only tech firm backed by PwC as a leading provider for GDPR compliance
Our Security & IM&G software & expertise, uniquely positions HPE to prepare organizations for GDPR
Adaptive Backup & Recovery delivers greater information insight, simplicity, risk mitigation and cost
savings
HPE has market-leading archiving, eDiscovery and Structured Data Management technologies
39
Thank you
robert.lejnert@hpe.com
40