The General Data Protection Regulation (EU) 2016/679 lays down solid rules regarding the capture and processing of personal data in any organization. Regardless of where such data is captured and processed, the requirements put forth by GDPR are strict, and the penalties for non-compliance are far from light. This calls for organizations to implement systems that regularly test, assess and evaluate the effectiveness of their defensive operations. As pointed out in GDPR Art. 3 (Territorial Scope), regardless of whether the processing takes place in the Union or not, every industry associated with data capture and processing must comply or else fall prey to the penalties. While many financial institutions in Ghana are still in the process of implementing the BoG Cyber Security Framework, the question of meeting compliance deadlines confronts Chief Information Security Officers and their executives, as many of their cyber security solutions, installed or yet to be installed, overlap in certain areas of compliance. Careful planning is required to make sure resources are well spent on key areas.
That said, most institutions are faced with a long list of security solutions to implement, and yet most of these are either misconfigured or use default configurations. There may be security gaps left unattended or overlooked in the name of just ticking the compliance box. What many institutions require these days is an automated system to continuously monitor, test, and evaluate security effectiveness across the board to ensure systems operate as they should, because any breach of BoG’s Security Directive is likely to weaken security effectiveness. What many security officers need is a 360-degree view of their security posture end-to-end, and nothing can be taken for granted. Any financial institution that fails to configure its systems properly and keep up to date with cyber threat intelligence, with continuous monitoring and fine-tuning alongside a Security Operations Center, will one day find itself facing the wrath of GDPR.
So how can data be protected without the unnecessary burden of having many security applications within one institution? Data in this case does not refer to personal data alone but to application data as well, for instance application logs. There is only one technology that can help data secure itself while remaining shareable across platforms and still maintaining its integrity.
Stay close to learn more in this series about how a blockchain data management platform can be leveraged to power data-centric security at the data layer.