Modern IT, especially cloud and mobile technologies, has significantly improvedaccess for users from anywhere to anywhere. Whether a user is working remotely and needs to access company systems; taking advantage of 24hr banking to manage their finances; or buying online to avoid shopping crowds; people have amassed a multitude of online “identities” in their effort to improve efficiencies of many day-to-day tasks. Users are not just employing one device, in fact, they typically intermingle an assortment of corporate-issued and personal devices.
Essentially, Modern IT is designed to create cost efficiency and con venience around communications and transactions. The complication is that these benefits are not limited to the organizations and their authoriz ed users but extend out to hackers/cyber criminals. The plethora and intermingling of both personal and company-issued devices added to the swelling number of cloud applications has massively enlarged the attack surface increasing the complexity of protecting an organization while at the same time decre asing the difficulty for compromise. While organizations try to create friction for unauthorized users by adopting best-in-class technology and hiring skilled cybersecurity professionals, the European Union (EU) has announced a regulation that is “designed to harmonize data privacy laws across Europe, protect and empower all EU citizens data privacy, and to reshape the way organizations across the region approach data privacy.” While the EU has had data privacy laws since the 1980’s, this is the first regulation that applies directly to organizations established outside the EU that process EU citizen personal data. The GDPR will be a game-changing regulation because it is basically resetting the best practices model for data privacy and protection, globally as the first pan-EU law that is also extraterritorial.
Full Report Here