Is Your Application Environment Ready?
Data Privacy regulation is top of mind this semester with the GDPR enforcement in Europe coming into effect May 25th, 2018.
Most companies doing business with the EU have to perform an assessment of their current applications and data policies to make sure they are going to be compliant. This is a burdensome and tedious task if done manually. How do you use automation and maximize the efficiency of this process? This is what we discuss in this presentation.
2. About Quali
• Venture-funded start-up focused on Cloud Automation and Orchestration. Managing $Billions in Infrastructure.
• Delivers “Cloud Sandboxes” - Replicas of production environments delivered as-a-service.
• Strong Innovation DNA – Trusted by customers Worldwide. Managing millions of Infrastructure elements
• 150+ customers – Cloud providers, Telcos, Enterprises – across FSI, Retail, Healthcare and Government
• ~120 employees in USA, Israel and Europe focused on serving customers worldwide
3. Agenda
1 GDPR: Intro and Implications
2 Application Certification Approach with Cloud Sandboxes
3 Demo, Q&A and Wrap-up
4. What is the General Data Protection Regulation (GDPR)?
• New Rules governing Data Privacy
• Comes into EU law May 25th 2018
• Applies to all companies processing personal data of all EU subjects
• Heavy penalties
• Breaches must be notified within 72 hours
• Greater data transparency
• Data minimization
• Privacy risks will need to be analyzed
5. Why GDPR?
• Personal Data Breach in the News
• Plugs gaps in the current Data Protection Directive (DPD)
• Directive vs Regulation
• Extend beyond the EU – affects all EU subject personal data
• Incentivize rapid notification of data breaches - stiff penalties
• Extend right to have personal data deleted - include published web data
6. Implications for Enterprise Application Development
Privacy by Design
• Build privacy from the ground up (greenfield)
• Application retrofit
Cyber Security Testing
• Avoid data breaches in the first place
• Test environments must accurately reflect the production state.
Compliance of DevTest Processes
• Restrict access to personal data
• Data minimization
• Demonstrate auditability
7. Crossing the GDPR Certification Hurdle
Agility vs. Certification and Compliance.
8. Continuous Testing Enables Velocity
[Diagram: project timeline. Labels: Start coding; Servers delivered; IT builds Dev/Test environments; Request Dev/Test resources from IT; Project starts; Gather requirements; Prioritize work; IT kicks off procurement; Deployment; Performance testing; Testing; Bug fixing; Production]
10. “Bank of the Alps” - A Sample Case Study on Application Modernization and Certification
11. Bank of the Alps: Business Strategy
Experience
Trust
Improve online & in-bank experience
Millennials engagement strategy
Provide advice not just transactions
Banks must securely manage data
12. BANK OF THE ALPS – Modernize Financial Loan Application
CXO – “No Compromise to Security and Compliance”
Banking
Application
Remote Employees Bank Customers
External End Users
Internal Employees
Internal End Users
Modernization Requirements
1. Develop application using cloud native distributed architecture
2. Integrate banking application with CRM SaaS service
3. Meet Functionality, Performance, Security, and Regulatory (GDPR) compliance
14. Challenges
Delay
• How to manage privacy concerns without delaying business
• Industry average: 8 week delay in selling products and services
Cost
• Data breaches translate to costly legal actions and loss of customer trust
• General Data Protection Regulation penalties up to 4% of Global Revenue
15. Application Certification: Practical Approach
• P/V Infra.
• Applications
• Database
• Tools
• Service
• Drag-n-drop
MODEL
• Discovery
• Configuration (P/V Infra., Applications)
• User to group mapping
INVENTORY
INFRA/APP OWNER
• Publish self-service catalogs
• Workflows
• Standardized
CREATE BLUEPRINTS
BLUEPRINT DESIGNER
AUTOMATE & ORCHESTRATE
• Reserve and Deploy
• Active Environments “Cloud Sandboxes”
• Deploy on any cloud
BLUEPRINT CONSUMER BLUEPRINT CONSUMER
BI & ANALYTICS
• Visibility
• Costing
• Utilization
• ROI
INFRA/APP OWNER
WORKFLOW
CONSUME
• Single pane of glass
• One click RDP and SSH
• API Access
• Tools
16. Quali CloudShell: Introduction
BLUEPRINT
Applications Data Test Tools
Physical Infra. Virtual Infra. Services
Blueprint Modeling Automation & Orchestration
Built-In Networking Blueprint Catalog
Model and Automate Business Intelligence & Analytics
End User Portal
REST API
DevOps Plug-Ins
Bare Metal
Interface Environment Features
17. Blueprint Components for Loan Application
Applications Data Test Tools
Physical Infra. Virtual Infra. Services
Bare Metal
Components
18. Using Dynamic Test Environments (Sandboxes) to Certify Loan Application
Sandbox #1 Sandbox #2 Sandbox #3
Security & Compliance, Load & Performance, Feature & Functionality
19. Using Dynamic Test Environments (Sandboxes) to Certify Loan Application
Sandbox #1 Sandbox #2 Sandbox #3
Security & Compliance, Load & Performance, Feature & Functionality
Tests
20. Using Dynamic Test Environments (Sandboxes) to Certify Loan Application
Sandbox #1 Sandbox #2 Sandbox #3
Security & Compliance, Load & Performance, Feature & Functionality
Scans Tests
21. Using Dynamic Test Environments (Sandboxes) to Certify Loan Application
Sandbox #1 Sandbox #2 Sandbox #3
Security & Compliance, Load & Performance, Feature & Functionality
Scans Tests Tests
22. Certification as part of a DevOps CI Pipeline
Load Security Integration
Staging/Production
Functional
23. Meeting GDPR compliance with Dynamic Test Environments
• Data minimization:
  • Cloud Sandboxes are time bound and isolated from each other
  • Orchestration provides automated teardown: data is not left behind after test is completed
• Auditing: data managed as part of the sandbox is visible in audit trail
• Dynamic Test Environments are replicas of production environments.
25. Summary
Manual Process
Static, Monolithic Architecture
Data Breaches & Non-Compliance
Automated Workflows
Distributed Architecture
Secure and GDPR Compliant
BANK OF THE ALPS
26. Want to Learn More?
Ask for a Technical Demo (30-min web conference)
Start a Free Trial
Contact us: info@quali.com
27. Additional References
• Download White paper - Application Modernization in the GDPR era: http://info.quali.com/wp-application-modernization-in-the-gdpr-era
• Watch a demo: Financial Services Application Modernization demo: http://info.quali.com/demo-financial-services-application-modernization
• Watch a Chalk Talk video: Application Compliance Validation with Dynamic Environments http://info.quali.com/chalk-talk-application-compliance-validation-with-dynamic-environments-0