CPiO Cloud & GDPR Readiness

Supporting you and your business in your GDPR journey

At CPiO, we are committed to helping our customers with their GDPR compliance by providing robust privacy and security protections built into our services. We understand that there are still plenty of grey areas when it comes to GDPR, but we have been working very hard not only to reach our own compliance, but also to develop our CPiO Cloud platform to support you in your compliance journey. We can offer you a range of services to help you accelerate towards GDPR compliance by the 25th May 2018 deadline.

Data Controller vs Data Processor

Whilst it may be a technicality, understanding the difference in responsibility between a Data Controller and a Data Processor is key to setting GDPR policy. As your CPiO Cloud Partner we take our role as Data Processor very seriously, but what are those responsibilities and how do they compare to your role as Data Controller?

As our CPiO Cloud customer, you are classed as the Data Controller for all company data held within applications in CPiO Cloud or interacting with CPiO Cloud. The Data Controller controls the data and the purposes for which personal data is processed.

Responsibilities

  • Your own data within applications, file sharing, databases and emails
  • Application identity, access to and security of those applications
  • Client-side security
  • Client-side firewall

Within CPiO Cloud, CPiO is the Data Processor, interacting with data but not responsible for that data.

Responsibilities

  • Server infrastructure maintenance and security
  • Storage infrastructure and security
  • Network management and security
  • CPiO Cloud Firewall
  • Network Traffic Protection (VLAN and Encryption)
  • Backup (Encryption and Access Security)
  • Anti-virus Protection

Data Processor Readiness

The CPiO Cloud team has spent a lot of time considering all areas of GDPR compliance as a responsible cloud provider. We’ve been working towards compliance for over 12 months, ensuring that we have reviewed, adapted and tested our solution to offer the very best security we can, including:

  • A Privacy Impact Assessment (PIA) has been completed with regards to the CPiO Cloud infrastructure.
  • A review of the technologies that we use to meet GDPR compliance
  • We have refreshed and developed our policies with regards to Subject Access Rights, CPiO processes and best practice.
  • We have provided additional training for employees on new policies, procedures and their responsibilities with regards to data security.
  • We have updated the change control process for improved traceability.
  • We continue to work with suppliers and third parties with reference to GDPR policies and technologies.
  • Portal access – we are offering a free portal to our CPiO Cloud customers for auditing purposes. The portal will audit and provide reports on events such as unsuccessful logins, account and group creations, deletions and changes and mailbox access.
HOW CAN TECHNOLOGY HELP WITH COMPLIANCE?

Technology can be used to support four areas: discovery of data, protection, management and auditing. At CPiO, we can help you to review your entire data protection strategy and advise you of the best route going forward. Whether you are looking to implement the latest tools in data security or need some advice from one of our team, we are here to support you on your journey to GDPR compliance. So what’s on offer?

Unsure where to start? Let one of our experienced consultants come and look at the way data flows through your business and advise you of the next best steps to take to meet GDPR compliance. We can review your data model and design an end-to-end data protection strategy for your business, all with maximum value in mind.

As part of your data protection review, you will need to consider the types of data flowing through your business: Is it freely available? Does the data contain personal information? We can help you create an effective data classification system whereby, for example, if a piece of data is marked as ‘highly sensitive’, an email alert can be set up to let the data controller know that someone wants to access it. In this sense, data is protected by the authority.

Encryption translates data into code, so that only people with access to a key or password can read it. It is currently one of the most effective data security methods used by organisations to protect data confidentiality across all devices. In recent years there have been numerous incidents where personal data has been stolen, lost or subject to unauthorised access. By encrypting information, businesses can take control over their data by validating users and ensuring data authenticity when data is used and transferred.

Data loss prevention software uses detection techniques to identify sensitive data. By monitoring and detecting personal information like bank details and addresses, businesses can determine why and how information is being used and therefore recognise any data breaches or misuse. It is essentially a filter that blocks the flow of sensitive data. This should be used to shield businesses from insider threats.

Most standard security procedures online involve a simple username and password. With the ever-increasing risk of cyber attacks, an extra layer of security is beneficial to ensure data is protected. Two-factor authentication, also known as 2FA, involves the use of both a username and password and a piece of information that only the user knows, for example a personal identification number or the fingerprint ID typically found on an iPhone. Two-factor authentication is a tried and tested method that makes it harder for attackers to gain access to a person’s devices and online accounts.

Around 54% of UK businesses have been affected by ransomware, a situation where hackers lock you out of your devices and demand a ransom in return for access. This is a huge, scary risk for all businesses, which is why antivirus and anti-ransomware software are so important. This solution scans and wipes out any ransomware attempts found on your computer, giving you extra security and peace of mind.

Device Management enables IT teams to control the securing, monitoring, integrating and managing of devices such as smartphones, tablets, and laptops in the workplace. With device management, businesses can be assured that the network and its data are fully secure and GDPR compliant on all devices.

Many businesses do not validate whether their employees are provisioned with the right access and permissions to use data. Further to this, when employees move roles across the business, they gain access to new data without necessarily losing access to previously acquired data. To comply with GDPR, businesses will need to take a much more controlled approach to minimise unauthorised access to critical information. With our team of experts, we can help you strengthen and centralise your access and identity management setup and give you the control you need over your data and its use.

With the risk of cyber attacks higher than ever, it is really important your data is backed up. Backups exist in case information is destroyed accidentally or maliciously.

CPiO Cloud Services makes automated back-ups so you don’t need to worry about keeping copies of your data. And our high specification hardware and secure hosting facility gives you the greatest level of resiliency.

Cybercriminals continuously develop new exploits that take advantage of application vulnerabilities to introduce malware and compromise endpoints. An exploit attack can slow down your computer, cause sudden application failure and expose your personal data to hackers. Exploit prevention protects the applications and files that are prone to these attacks and cleverly mitigates the methods attackers use to exploit software vulnerabilities.

Patch management involves keeping software on computers and network devices up to date and capable of resisting low-level cyber attacks. With older software versions, companies are far more vulnerable to cyber crime and leave obvious gaps for hackers to intercept. This may be the simplest technological solution, but up-to-date software can really provide the reassurance and confidence your business needs.

The CPiO Desktop Access Key is the latest tool you need to secure your remote and local desktop. Plug a physical security key into your machine to generate a unique 50-digit code that works alongside your password to verify each individual login to your desktop. A technology used by world-leading enterprises such as Google and Facebook, the key is battery-free, water-resistant, and supported by all computers and platforms. It is designed to significantly reduce risk whilst saving time for both users and your support team.