The GDPR consists of 99 articles that mandate how personal data is to be handled, but how do you manage years of data on various platforms?
Dell EMC and Index Engines together can deliver an intelligent, actionable approach to managing complex data environments in support of GDPR compliance. Providing deep intelligence across primary and secondary storage, this combination enables advanced classification, search and management allowing you to find personal data under management with considerable precision.
During the 60-minute web event, you’ll learn how to:
Approach GDPR compliance with a data-focused process
Mitigate risks with an intelligent, easy-to-implement workflow
Map and classify data to focus and streamline searches for personal data
Locate personal data with advanced search techniques
Better manage petabytes of data to control access and streamline costs
Consider alternatives to cross-border transfers to reduce potential risk
1. Dell EMC and Index Engines Overview
Tackling the GDPR: An Actionable Approach
2. Presenters
Mark Sanders, Dell EMC
Global Sr. Director
Mark.F.Sanders@dell.com
Jim McGann, Index Engines
Vice President, Business Development
Jim.McGann@indexengines.com
Jim Shook, Dell EMC
Director, Cybersecurity & Compliance Practice
Jim.Shook@dell.com
3. Agenda
▪ Brief Data Protection Overview
▪ GDPR from an IT Perspective
▪ Quick Overview
▪ Common Myths
▪ Intelligent Workflow to Support the GDPR
5. Dell EMC Data Protection Solutions
Quick Strategy Overview
Mark Sanders–Sr. Director, DPS Global Technology Office
6. 6
Protection
Strategy
Agent Based App Direct Cloud Native DPaaS
Open Systems Mission Critical Next-Gen Future
Appliances Commodity Object Private Cloud Public Cloud
Protection
Infrastructure
Protection Infrastructure As A Service
Configure Build Run
Workload
Categories
Protection Service Catalog
Managed Self-Service
7. Dell EMC and Index Engines Partnership
▪ Dell EMC Data Protection
▪ 5yrs + relationship
▪ 100’s of customers
▪ Tape Remediation, Risk Mitigation, 3rd Party SW Removal and LTR to the cloud
▪ Index Engines – Offers More….
▪ Supports classification, search and management of personal data
▪ Architected for petabyte class data environments
▪ Management of both primary and secondary data sources
8. GDPR from an IT
Perspective
Jim Shook – Director Cyber Security and Compliance Practice – Data Protection Solutions, Dell EMC
9. What is GDPR?
The basics
TheGeneralData Protection Regulation(GDPR)is a newlaw which
establishesa singleset of rulesfor every EUMemberState to protect
personal data.It buildsuponandupdates the current EUdata
protection framework.
Effective date
It will comeinto force on 25 May 2018.
10. GDPR Shortcut Myths
- Addresses only a very small part of GDPR
- Unintended consequences
Encrypt everywhere!
11. GDPR Shortcut Myths
Can be a key component to a GDPR strategy
- Retention, Security, Search, Access
But:
- Only addresses certain data and data types
- Excludes processes
Archive everything!
12. GDPR Shortcut Myths
Addresses only cross-border transfers
- Limits on who is eligible
- Risk due to pending cases
Privacy Shield
13. GDPR Compliance
End-User Data Public Cloud Data Center
Data Use/Consent,
Minimization
Right of Access
Right to Be
Forgotten
Cross-Border
Transfers
Security
Search /
Access
Audited
Retention &
Deletion
Tape
Deletion &
Migration
Mapping &
File
Intelligence
Private
Clouds/
Cloud Geos
Professional
Services
Remote Offices
Protect /
Detect /
Authenticate
Data Focused View
14. Unstructured Content
▪ Large (Often petabytes) of unstructured data
▪ Generally little insight into content
▪ Personal data: names, email addresses, etc.
▪ Expired: Often no retention, can be decades old
▪ Need some insight to begin classification
▪ Age: Created and last accessed
▪ File types: Logs, photos, productivity
▪ Locations / Paths: HR, Legal, Marketing, individuals
16. Challenges of the GDPR
▪ GDPR introduces an overwhelming information management
challenge, however, today we are here to present an intelligent
workflow that will make easier work of the GDPR.
18. Classify Data Assets
ROT
Out Of Scope
In Scope
• Redundant, obsolete and trivial data with no business value
• Migrate to Dell EMC cloud to simplify management process
• Data with value that does not contain personal content
• Eliminate from GDPR queries
~ 40%
~ 50%
~ 10%
• More manageable sub-set of all data assets
• The focal point of GDPR queries
19. Light Metadata Indexing
▪ Capture file level metadata including:
▪ Leverage metadata reports and analysis
▪ Who owns what data (by user, by department)
▪ Frequency of data access (active vs. inactive data)
▪ Type of files and location
▪ Volume of data by capacity and server
• File name
• File path/location
• Owner
• File size
• Dates (Created/Modified/Accessed)
• Extension
• ACLs (Read/Write/Browse Permissions)
• And more
20. Light Metadata Indexing Specifications
▪ High speed crawl of data sources
▪ File servers, email servers, SharePoint servers, etc.
▪ For backup data, the backup catalog
▪ Industry leading indexing speeds reaching up 8,000 files/sec/node
▪ Efficient index storage - ~1% of original data capacity
▪ High speed search
▪ Minimized indexing server requirements
▪ Linearly scalable for large scale environments
22. Personal data is widely defined to mean any information relating to an identified or identifiable
individual (known as a “data subject” under the GDPR). Personal data may include name,
physical address, email address, identification number, location data, online identifier, credit
card number, or health information.
Personal Data
23. Deep Indexing Specifications
▪ Deep index only in scope data, typically a small subset of overall data
▪ Efficient index storage - 5% of original data capacity
▪ High speed indexing up to 1TB/hr/node
▪ Support for federated queries and archiving
▪ Linearly scalable for large petabyte class data environments
▪ Supports both network data, and legacy backup data assets
24. Flexible Search to Support the GDPR
▪ Comprehensive, flexible search options
The combination of these extensive search options will allow you to
find all personal data under management with considerable
precision
Type of Search Description
Keyword Known strings such as: Name, address, TaxID, etc.
Pattern Sensitive Information such as: Bank routing, social security, credit card
numbers, etc.
Concept Personal data that doesn't fall into above categories and can only be
discovered through machine learning algorithms
25. Defensible Disposition of Data Assets
ROT
Out Of Scope
In Scope
• Purge or migrate to Dell EMC cloud
• Will prove to deliver ROI to your preparation for the GDPR
• Ignore
• Monitor for future changes and requirements
~ 40%
~ 50%
~ 10%
• Manage based on policy
• Monitor in place, migrate, or archive
26. ROT Clean Up
▪ Minimize data assets by cleaning redundant, obsolete and trivial data
▪ ROT clean up will create a compelling ROI
▪ Reduce storage footprint and ongoing capacity upgrades
▪ Reduce data center infrastructure, including data protection costs
▪ Eliminate risk and exposure of unknown legacy content
▪ Most organizations can realize up to 40% ROI
▪ Fully loaded costs storage: Forrester: $955,500/100TB IBM: $4M/1PB
▪ Delete ROT or migrate to Dell EMC/Virtustream cloud storage
(1PB of cloud storage < $360K/yr)
27. Migration and Archiving Features
▪ Build and store data policies to support disposition:
▪ Migration to new repository including the Dell EMC cloud
▪ Deletion of data with no business value
▪ Integrated archiving on disk or cloud
▪ Defensible process
▪ All migrations are logged for defensible audit trail of disposition
▪ As data is migrated all metadata remains intact
28. Security Features
▪ The GDPR mandates strict notifications and potential fines for data
breaches and attacks on personal data
▪ Examples of Index Engines capabilities:
▪ Find documents containing personal information
▪ Use Activity Logs to determine who has accessed these files to find potential
rogue employees
▪ Use Access Control Lists (ACLs) to determine who has read/write/browse
permission for sensitive files
▪ Proactively clean up sensitive data so it does not breach the fire wall
29. Dell EMC Supporting Technologies for GDPR
Right of Access
Data Erasure (Right to be forgotten)
Data Minimization / Retention
Cross-border transfers
30. Next Steps
Contact Dell EMC and Index
Engines for a GDPR Readiness
Assessment
Dell EMC: Jim.Shook@dell.com
Index Engines: info@indexengines.com