
GDPR and ONTAP

Quick Guide

Juan Mojica
Sr. Product Manager
August 2018

© 2018 NetApp, Inc. All rights reserved. — NETAPP CONFIDENTIAL —


Agenda
ONTAP and GDPR Quick Guide

1) Understanding GDPR
2) Effective Strategies for GDPR
3) How ONTAP Helps with GDPR
4) Other Collateral



Digital transformation will generate massive data sets.

People must trust companies to appropriately use that data.



Artificial Intelligence will automate business functions.

Data privacy regulations prevent actions on individuals based solely on AI.

Understanding GDPR



General Data Protection Regulation (GDPR)
If you hold or deal with personal data of an EU citizen or resident, GDPR affects you

 Data privacy compliance regulation taking hold mid–calendar year 2018
 Aims to protect EU citizens or residents’ personal data
 Applies to any organization, anywhere in the world with EU citizen personal data
 Contains huge penalties (larger of 4% of turnover or €20 million)



Can ONTAP meet GDPR compliance out of the box?
GDPR is a compliance framework that customers must drive

Examples:

NetApp must undertake (these require intimate knowledge of algorithms):
 DoD IN APL
 Common Criteria
 FIPS

Customer must undertake (these require end-to-end process definition):
 PCI-DSS (Credit Cards)
 HIPAA (US Healthcare)
 GDPR
What is the customer trying to do for GDPR? Pass any audit
Technology can make things easier, but ultimately, customers need to pass any audit to prevent fines

Customer goals
 Satisfy auditors
 “Defensible” position
 Repeatable, traceable process
 Technology is a means to an end, not the actual goal

(Diagram: examples the customer must undertake – PCI-DSS, GDPR, HIPAA)



Effective Strategies for GDPR



First GDPR steps for all organizations
Organizations must determine if they handle EU citizen or resident personal data

 Organizations must determine if they:
   • Process
   • Store
   • Transmit
  EU citizen or resident personal data:
   • Any information relating to an identifiable person
   • Examples: Name, DOB, IP address, etc.

 If organizations have this data, they need a GDPR strategy.



Data privacy tenets required for a successful strategy
Customers must understand data, and set up policies and procedures so that personal data is protected and used accordingly

Govern
• Policy-based data governance
• Retention policies
• Distribution policies

Identify & Validate
• Personal data
• Structured, unstructured
• Incoming and outgoing source of data

Deploy & Manage
• Implementation methods
• Breach detection
• Policy effectiveness

Secure & Protect
• Data confidentiality
• Data integrity
• Data availability
• Data replication

Respond
• Data breaches
• Auditors’ requests
• Users’ requests



How ONTAP Helps with GDPR



NetApp® ONTAP® provides state-of-the-art capabilities that enable our customers to achieve GDPR compliance.

Unified Security Features
• Encryption
• MFA
• Role-based access controls

Integrated Data Protection
• Disaster recovery
• Automated data retention

Comprehensive Audit Logging
• Local and remote
• Incident-based messaging



ONTAP helps with GDPR – Managing, Protecting, Responding
Governance is outside the scope of technology, and understanding data is outside the scope of ONTAP

The five tenets are the same as on the previous slide (Govern, Identify & Validate, Deploy & Manage, Secure & Protect, Respond). ONTAP’s contribution lies in the last three: Deploy & Manage, Secure & Protect and Respond. Govern and Identify & Validate remain the customer’s own work.



Mapping data privacy strategy to GDPR and ONTAP technology
(Numbers are GDPR article numbers)

Identify & Validate
• 6 Principles relating to the processing of personal data
• 7 Conditions for consent
• 13 Information to be provided where personal data are collected from a data subject
• 22 Automated individual decision-making, including profiling

Manage (ONTAP: Verbose Audit Log; Role Based Access Controls; Multi-factor Auth; Instant Clones; Snapshots & SnapLock)
• 25 Data Protection by Design and Default
• 32 Security of Processing
• 33 Notification of a personal data breach to the supervisory authority

Secure & Protect (ONTAP: AES Encryption, in-flight (TLS, SSH, krb5p, SMB) and at-rest (SW & HW); Replication, sync & async)
• 25 Data Protection by Design and Default
• 32 Security of Processing
• 34 Communication of a personal data breach to the data subject
• 35 Data protection impact assessments
• 44 General principle for transfers
• 46 Transfers subject to appropriate safeguards

Analyze & Respond (ONTAP: 3rd Party Integration for complete file audit log)
• 15 The Right to Access
• 16 The Right to Rectification
• 17 The Right to Erasure (“be Forgotten”)
• 18 The Right to Restriction of Processing
• 20 The Right to Data Portability
• 21 The Right to Object; esp. Do Not Disturb


Challenges customers face in implementing GDPR strategy
To help deal with the complexities of GDPR, ONTAP provides unique data management capabilities

Data Management of Personal Data
 Must be secured or be removed.
 Must be available for auditors, users.
 Retention policies must be implemented.
 Replication must be carefully managed.

System Administration
 Compliance is an administrative overhead.
 Actions must be logged.
 Access must be limited with minimal amount of privileges.
ONTAP data handling capabilities that help with GDPR
For compliance, ONTAP has the ability to secure and protect the data

 Instant copies. Retain full value of original data, but hide data in copies for processing with NetApp® FlexClone® technology
 Policy-driven data retention. Automatically enforce data retention with NetApp SnapLock®
 Malware prevention. Antivirus and third-party integration through NetApp FPolicy™
 Ransomware recovery. Quickly restore after attack with NetApp Snapshot™
 Business continuity. Zero RPO continuous availability with NetApp MetroCluster™
 Data disaster recovery. Full data replication with NetApp SnapMirror®
 Encryption. During transmission and while on disk, data is secured and can be purged
Administrative capabilities within ONTAP that help with GDPR
Administering the system in a GDPR environment can be simplified with ONTAP

 System notifications through System Manager and NetApp® ASUP™ notifications
 Role-based controls with full, partial, and read-only access and multifactor authentication
 Policy enforcement through open APIs with NetApp FPolicy™ and the NetApp Manageability SDK
 Audit logging with local copies and syslog
Other Collateral



Learn more and engage the customer on GDPR
The Field Portal and the NetApp web have GDPR collateral that covers the entire portfolio

Deep dive presentation
 Portfolio view
 Lists partners that can help

Deep dive that can be shared with the customer
 Defines NetApp position

Security features datasheet
 Lists all the security features available in NetApp® ONTAP® and can be shared with customers
 Answers “Do you have …?”
 DS-3846

Security hardening guide
 Guides customers on how to secure the ONTAP system (can be shared with customers)
 Auditors look for and love this type of guide
 TR-4569


Thank You
