What the GDPR Means for the Future of Network Security


Today I was looking at the agenda for RSA, this nation’s biggest security conference. Not surprisingly, there are numerous sessions on the General Data Protection Regulation (GDPR), a sweeping act aimed at protecting private information for European Union (EU) residents.

The GDPR is no joke, with hefty fines of up to 4% of worldwide revenue—not just EU profits—for companies who fail to comply. That has a lot of companies scared and has created a massive number of so-called experts ready to protect information.

As I scan the approaches, I see ways to map data flow, encrypt data, detect breaches, build firewalls—all the usual suspects. And these are all great things.

We are experienced with them and they work—mostly.

I have seen companies update or create a network diagram as the first step to understand their problems. But I have yet to see a company pull out its network diagram to solve a problem.

The problem is we get in a hurry. Changes get rolled in without updating the architecture diagram or changes get applied to the wrong version. Over time, the firewalls, virtual machines, and even network topologies morph away from the plan. A good network engineer who’s been with the company for a while can often compensate for discrepancies, but a little turnover and it’s time to start over.

Even with all these tools, we still suffer breaches. We have firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS). If firewalls were perfect, we wouldn’t need IDS and IPS. Likewise, if our IPS were perfect, firewall vendors would be out of business. All these tools are great at keeping people out…until hackers find a way around them (phishing, drive-by downloads, vulnerable endpoints). We already use these systems to protect our extremely critical PCI, HIPAA, PHI, and SOC2 data, yet leaks still occur.

Is the answer more features on existing tools or are we hitting a point of diminishing returns? Each additional capability adds more to system costs while providing less and less incremental protection. It takes more processing power to do deeper analysis. As we continuously upgrade, this means throwing away very expensive tools (or at least moving them to less critical and less trafficked zones). And with the potentially catastrophic “gravest infringement” penalty of the GDPR, it’s a great time to reconsider our approach.

What if, instead of replacing those systems, we provided a complementary tool that attacked the problem in a different way? Think about it: we already do this in our homes. Instead of replacing a door because the lock is insufficient, we add a deadbolt. Then we add a security system that detects if the doors or windows are opened, and we deploy sensors that detect movement.

HOPZERO provides a new approach to data security. I hope my colleagues at RSA will drop by to see how we keep data in the data center while they help keep intruders out. Working together, we can help keep our customers’ critical information safe. That works for every type of sensitive data, all over the world, not just the EU’s GDPR-covered treasures.



Ben Haley is the senior vice president of Engineering and co-founder of HOPZERO. During his over 30 years’ experience in software engineering, Ben has led network and application efforts for high performance, reliability, and security programs at multiple firms. As founding development director for NetQoS/CA Technologies, Ben led all development work and formed a research team to review performance and security anomalies. Most recently, he served as a lead architect for several key projects at MaxPoint (now Valassis), a leading digital marketing technology company.