Imminent new security and privacy regulations invite a rethinking of traditional approaches to enterprise architectures for cyber security and data protection. Pending regulations, such as the European Union General Data Protection Regulation (GDPR) and the European Commission’s revised Payment Services Directive (PSD2), will usher in new requirements, including stiff financial penalties for noncompliance. GDPR, which goes into effect in April 2018, will levy fines of up to 4% of global annual revenue for data breaches.
Rethinking current practices is particularly relevant to administrators and architects of HPE NonStop systems, which enable many of the world’s most critical transactions and therefore process many types of sensitive data covered by regulations. NonStop systems are currently deployed across many industries, ranging from financial services and retail to telecommunications and energy.
Industry-specific regulations vary widely. For instance, the financial sector tends to provide more broadly standardized approaches, such as the Payment Card Industry Data Security Standard (PCI DSS). In other industries, such as telecommunications, the growing body of regulations is more diverse, ranging from International Telecommunication Union (ITU) standards to country-specific standards.
These increasing, stringent regulations coincide with a proliferation of cyber risks, threats, and vulnerabilities. Businesses recognize their exposure. For instance, Egress Software Technologies research found that 87 percent of CIOs believe they would be exposed if the regulations came into force today, while Netskope-commissioned YouGov research found 80 percent of IT professionals in medium and large businesses are not confident of ensuring GDPR compliance by the April 2018 mandate.
Characteristics of Future-Oriented Architectures
Our view is that future-oriented NonStop architectures, in order to satisfy regulations and protect the enterprise, must contain the following core characteristics:
Figure 1, below, shows a recent solution we deployed that illustrates these architectural characteristics.
Choosing a Partner Architect
As deadlines approach, much work must be done to plan, design, and implement revamped architectural solutions. In evaluating potential partners, consider their ability to achieve the following:
The Future is Now
Security and data privacy regulations like GDPR and PSD2 introduce a huge number of data-governance obligations.
The implementation strategy for appropriate technical and organizational measures must ensure a level of security commensurate with the risk. Timing is critical, as the key privacy standards taking effect in April 2018 have serious commercial implications, including penalties for noncompliance.
For a deeper discussion of your potential options, contact us today to speak with a NonStop expert.