Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

OpenIO Summit'17 - Building GDPR compliant solutions with OpenIO and SME File Fabric


Published on

In this presentation discover how to build GDPR and regulatory compliant solutions using Storage Made Easy File FabricTM and OpenIO.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

OpenIO Summit'17 - Building GDPR compliant solutions with OpenIO and SME File Fabric

  1. 1. Building GDPR compliant solutions with OpenIO and SME File Fabric™ Storage Made Easy
  2. 2. • File Fabric Introduction • GDPR • File Fabric and GDPR • Demo • Q&A Agenda
  3. 3. QUICK FACTS Founded 2009, Private UK LTD Company Shipping Product since 2012 Hundreds of customers ISP’s, Universities, Enterprise Largest internal deployment: Telco 100k users Largest deployment: OEM 270k users What we do UNIFY SME unifies data assets whether they are on-cloud or on-premises COLLABORATE SME promotes joined up Collaboration, Workflow and Search to facilitate business transformation and productivity SHARE Securely share files with time expiry, password protection and download limits GOVERN Set common policies across data. Have a single audit point. Provide compliance controls across all data sets
  4. 4. What we do for you? ISP: Launch Own Branded Enterprise File Fabric Offering with any storage combination. Education establishment: Provides controlled secure access to federated on- cloud and on-premises data. For Enterprise: Unify and protect data. Set common policies and audit points. Share files securely. Search across files. Protect files on-cloud and on-premises using encryption. Use an a means for federation and digital transformation For companies embracing Object Storage: Can be used to transition legacy storage assets to Object Storage in the context of a wider infrastructure modernisation project. Why SME? Centralized access to multiple on-premises and cloud-based systems through a unified, “single-pane-of-glass” view, from any device and any location enhancing user productivity Promotes Security and Compliance across all data sets through policies Enterprise-grade security and encryption for rigorous data security and compliance needs. Enable users to collaborate as a team and with external companies easily and effectively Same folder access across geographic regions using SME Cluster technology
  5. 5. The Solution • Use OpenIO SDS with mobile & desktop apps • Centralize Data Governance & Security Policies • In-House Enterprise File Sync and Share • Multi-provider Data Access and Migration Storage Made Easy provides a File Fabric across local and cloud storage for governance & collaboration. Google Dropbox
  6. 6. Quick Facts About GDPR Storage Made Easy
  7. 7. Quick Facts about the GDPR First proposed in January 2012 Approved formally in April 2016 Applicable from 25th May 2018 It will supersede any national laws The main aim is to extend the scope of the EU data protection law to all foreign companies processing data of EU residents whilst implementing a stricter data compliance regime Quick facts
  8. 8. Core GDPR Principles of personal data collection Personal data must be accurate and kept up to date. Personal data must be adequate, relevant and limited to what is necessary for processing. Personal data can only be collected for specified, explicit and legitimate purposes. Personal data must be processed lawfully, fairly and transparently. Personal data must be kept in a form such that the data subject can be identified only as long as is necessary for processing. Personal data must be processed in a manner that ensures its security.
  9. 9. Subject Access Requests • Rules changed • 30 days to comply • No charge Consent • Must be explicit / verifiable • Is not forever Privacy / Consent notices • Must be updated • Must be explicit Data Breach • New breach notification requirement • Breach reporting failure results in a fine also Processing Data • What is legal basis? • Explain in Privacy notice • Explain in Subject Access requestIndividual Rights Rights erase / correct GDPR – what else?
  10. 10. Preparation • Promote GDPR awareness • Conduct an information audit • GDPR Training • GDPR Planning • GDPR Implementation • GDPR Enforcement Preparing for the GDPR
  11. 11. Fines for non compliance are high Up to €20 million or 4% of Gross Turnover !
  12. 12. GDPR is coming
  13. 13. What the File Fabric provides to aid GDPR Storage Made Easy
  14. 14. Compliance / HIPAA / GDPR ready
  15. 15. Unified Policy enforcement across corporate data • Company data is spread across silos - On premise in filesystems and corporate apps - And now in cloud storage and SaaS applications • GDPR Challenge - Vendors control data security - No control over physical location of data - Difficult for IT to enforce policies • Control of data shared outside of company - 65% of users use unsanctioned file sharing tools - How does IT enforce encryption, sharing or retention policies? - How do companies track who shared or downloaded assets? Google Dropbox Private cloud
  16. 16. Secure File Sharing • Password protected • Time Expiry • Limit downloads User Controlled encryption • AES-256 • VaultAudit • Excel Compliance hand-off • Output to Syslog format • Folder & action monitoring Cloud Governance • Set Policies • Control all sharing features • GEO IP Controls File versioning, Locking, Trash Legal Hold DLP Governance and Compliance features for all data
  17. 17. Web editing Cloud-to-desktop editing PDF Annotation editing File Commenting (+ notifications)Single Sign On External users too Secure File and Folder Sharing (external too) Approval Workflows (& notifications) Project Workspaces (Data Rooms) Built-in Collaboration
  18. 18. Safeguard data FIPS-140 Compliant Protect data integrity Make data unintelligible If breached Data Encryption – Article 32
  19. 19. Data Auditing Audit all Data access for GDPR compliance
  20. 20. Out of the box support for corporate LDAP / Active Directory / SAML Identity Management Systems Authentication enforcement
  21. 21. Content Search Discovery Classification & Tagging
  22. 22. Real Time Notifications
  23. 23. Protect common legacy access mechanisms: • FTP • WebDav • SFTP Encrypt and Log Securely protect Legacy Application protection
  24. 24. Live Demo • End User Experience - File Explorer - Collaboration - Desktop apps • Management • Security policies / audit logs • Tenant configuration • Branding
  25. 25. DEMO Storage Made Easy
  26. 26. Benefits of OpenIO & SME Storage Made Easy
  27. 27. • Consolidate File Services • Enterprise Sync & Share • Document Collaboration OpenIO + SME • Lower Cost • Secure and Reliable • Easy to Deploy and Manage • Scalable
  28. 28. Q&A Storage Made Easy
  29. 29. Locations