The General Data Protection Regulation & The Duty to use Encryption

The General Data Protection Regulation, abbreviated to GDPR, raised a storm when it arrived. In reality, it merely tightened up on existing good practice according to digital security specialists Gemalto. The right to withhold consent and to be forgotten has always been there, for example. However, the GDPR brings a free enforcement service for consumers, thus avoiding the need for third party, paid assistance.

The GDPR Bottom Lines for Data Security
Moreover, the GDPR has penalties it can apply, of the order that might have a judge choking on his wig. Under it, data security measures such as pseudonymisation (substitution of identifying fields) and encryption (encoding including password protection) have become mandatory. Businesses must further respect their client data by:

a) Storing it in a secure environment supported by robust services and systems

b) Having proven measures to restore availability and access after a breach

c) Being able to prove frequent effectiveness testing of these measures.

The General Data Protection Regulation places an onus on businesses to report any data breaches. This places us in a difficult situation. We must either face at least a wrist slap upon reporting failures. Alternatively, pay a fine of up to ?10 million, or 2% of total worldwide annual turnover.

The Engineered Weak Link in the System
Our greatest threat of breach is probably when the data leaves our secure environment, and travels across cyberspace to an employee, stakeholder, collaborator, or the client themselves. Since email became open to attack, businesses and individuals have turned to sharing platforms like Dropbox, Google Drive, Skydrive, and so on. While these do allow an additional layer of password protection, none of these has proved foolproof. The GDPR may still fine us heavily, whether or not we are to blame for the actual breach.

How Hacking is Approaching Being a Science
We may make a mistake we may regret, if we do not take hacking seriously. The 10 worst data hacks Identity Force lists are proof positive that spending lots of money does not guarantee security (any more than having the biggest stock of nuclear weapons). We have to be smart, and start thinking the way that hackers do.

Hacker heaven is finding an Experian or a Dun & Bradstreet that may have shielded 143 million, and 33 million consumer records respectively, behind a single, flimsy cyber-security door. Ignorance is no excuse for them. They should simply have known better. They should have rendered consumer data unreadable at individual record level. The hackers could have found this too demanding to unpick, and have looked elsewhere.

How Data Encryption Can Help Prevent Hackers Succeeding
Encrypting data is dashboard driven, and businesses need not concern themselves about it works. There are, however, a few basic decisions they must take:

a) Purge the database of all information held without explicit permission

b) Challenge the need for the remaining data and purge the nice-to-haves

c) Adopt a policy of encrypting access at business and customer interfaces

d) Register with three freemium encryption services that seem acceptable

e) After experimenting, sign up for a premium service and be prepared to pay

Factors to Consider When Reaching a Decision
Life Hacker?suggests the following criteria although the list is a one-size-fits-all

a) Is the system fast, simple, and easy to operate

b) Can you encrypt hidden volumes within volumes

c) Can you mass-encrypt a batch of files easily

d) Do all other files remain encrypted when you open one

e) Do files automatically re-encrypt when you close them

f) How confident are you with the vendor, on a scale of 1 to 10

It may be wise to encrypt all the files on your system, and not just your customer data. We are always open to a hack by the competition after our strategic planning. If we leave the decision up to IT, then IT, being human may take the easy way out, and encrypt as little as possible.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Finding the Best Structure for Your Enterprise Development Team

An enterprise development team is a small group of dedicated specialists. They may focus on a new business project such as an IoT solution. Members of microteams cooperate with ideas while functioning semi-independently. These self-managing specialists are scarce in the job market. Thus, they are a relatively expensive resource and we must optimise their role.

Organisation?Size and Enterprise Development Team Structure

Organisation structure depends on the size of the business and the industry in which it functions. An enterprise development team for a micro business may be a few freelancers burning candles at both ends. While a large corporate may have a herd of full-timers with their own building. Most IoT solutions are born out of the efforts of microteams.

In this regard, Bill Gates and Mark Zuckerberg blazed the trail with Microsoft and Facebook. They were both college students at the time, and both abandoned their business studies to follow their dreams. There is a strong case for liberating developers from top-down structures, and keeping management and initiative at arm?s length.

The Case for Separating Microteams from the?Organisation

Microsoft Corporation went on to become a massive corporate, with 114,000 employees, and its founder Bill Gates arguably one of the richest people in the world. Yet even it admits there are limitations to size. In Chapter 2 of its Visual Studio 6.0 program it says,

‘today’s component-based enterprise applications are different from traditional business applications in many ways. To build them successfully, you need not only new programming tools and architectures, but also new development and project management strategies.?

Microsoft goes on to confirm that traditional, top-down structures are inappropriate for component-based systems such as IoT solutions. We have moved on from ?monolithic, self-contained, standalone systems,? it says, ?where these worked relatively well.?

Microsoft’s model for enterprise development teams envisages individual members dedicated to one or more specific roles as follows:

  • Product Manager ? owns the vision statement and communicates progress
  • Program Manager ? owns the application specification and coordinates
  • Developer ? delivers a functional, fully-complying solution to specification
  • Quality Assurer ? verifies that the design complies with the specification
  • User Educator ? develops and publishes online and printed documentation
  • Logistics Planner ? ensures smooth rollout and deployment of the solution

Three Broad Structures for Microteams working on IoT Solutions

The organisation structure of an enterprise development team should also mirror the size of the business, and the industry in which it functions. While a large one may manage small microteams of employee specialists successfully, it will have to ring-fence them to preserve them from bureaucratic influence. A medium-size organisation may call in a ?big six? consultancy on a project basis. However, an independently sourced micro-team is the solution for a small business with say up to 100 employees.

The Case for Freelancing Individuals versus Functional Microteams

While it may be doable to source a virtual enterprise development team on a contracting portal, a fair amount of management input may be necessary before they weld into a well-oiled team. Remember, members of a micro-team must cooperate with ideas while functioning semi-independently. The spirit of cooperation takes time to incubate, and then grow.

This is the argument, briefly, for outsourcing your IoT project, and bringing in a professional, fully integrated micro-team to do the job quickly, and effectively. We can lay on whatever combination you require of project managers, program managers, developers, quality assurers, user educators, and logistic planners. We will manage the micro-team, the process, and the success of the project on your behalf while you get on running your business, which is what you do best.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Failure Mode and Effects Analysis

 

Any business in the manufacturing industry would know that anything can happen in the development stages of the product. And while you can certainly learn from each of these failures and improve the process the next time around, doing so would entail a lot of time and money.
A widely-used procedure in operations management utilised to identify and analyse potential reliability problems while still in the early stages of production is the Failure Mode and Effects Analysis (FMEA).

FMEAs help us focus on and understand the impact of possible process or product risks.

The FMEA method for quality is based largely on the traditional practice of achieving product reliability through comprehensive testing and using techniques such as probabilistic reliability modelling. To give us a better understanding of the process, let’s break it down to its two basic components ? the failure mode and the effects analysis.

Failure mode is defined as the means by which something may fail. It essentially answers the question “What could go wrong?” Failure modes are the potential flaws in a process or product that could have an impact on the end user – the customer.

Effects analysis, on the other hand, is the process by which the consequences of these failures are studied.

With the two aspects taken together, the FMEA can help:

  • Discover the possible risks that can come with a product or process;
  • Plan out courses of action to counter these risks, particularly, those with the highest potential impact; and
  • Monitor the action plan results, with emphasis on how risk was reduced.

Find out more about our Quality Assurance services in the following pages:

Saving Energy Step 2 ? More Practical Ideas

In my previous blog, we wrote about implementing a management system. This boils down to sharing a common vision up and down and across the organisation, measuring progress, and pinning accountability on individuals. This time, we would like to talk about simple things that organisations can do to shrink their carbon footprints. But first let’s talk about the things that hold us back.

When we take on new clients we sometimes find that they are baffled by what I call energy industry-speak. We blame this partly on government. We understand they need clear definitions in their regulations. It’s just a pity they don’t use ordinary English when they put their ideas across in public forums.

Consultants sometimes seem to take advantage of these terms, when they roll words like audit, assessment, diagnostic, examination, survey and review across their pages. Dare we suggest they are trying to confuse with jargon? We created ecoVaro to demystify the energy business. Our goal is to convert data into formats business people understand. As promised, here are five easy things your staff could do without even going off on training.

  1. Right-size equipment? outsource peak production in busy periods, rather than wasting energy on a system that is running at half capacity mostly.
  2. Re-Install equipment to OEM specifications ? individual pieces of equipment need accurate interfacing with larger systems, to ensure that every ounce of energy delivers on its promise.
  3. Maintain to specification ? make sure machine tools are within limits, and that equipment is well-lubricated, optimally adjusted and running smoothly.
  4. Adjust HVAC to demand ? Engineers design heating and ventilation systems to cope with maximum requirements, and not all are set up to adapt to quieter periods. Try turning off a few units and see what happens.
  5. Recover Heat ? Heat around machines is energy wasted. Find creative ways to recycle it. If you can’t, then insulate the equipment from the rest of the work space, and spend less money cooling the place down.

Well that wasn’t rocket science, was it? There are many more things that we can do to streamline energy use, and coax our profits up. This is as true in a factory as in the office and at home. The power we use is largely non-renewable. Small savings help, and banknotes pile up quickly.

Ready to work with Denizon?

Contact Us Today