
GDPR at a Glance


The European Union (EU) General Data Protection Regulation (GDPR), as of May 2018, will lead to a greater degree of data protection harmonization for individuals across the EU. Organizations began the transition to GDPR compliance in 2016 and have until May 25, 2018 for full implementation of measures needed to comply. Ixia products can help ensure that customers’ visibility architectures facilitate compliance, either on-premises, within the cloud, or as a hybrid deployment.

 

GDPR will impact organizations in two ways as it relates to security and visibility. First, companies that are based in the EU, or, if outside the EU, are doing business with EU residents, will need to ensure that their handling of EU residents’ personal data, at-rest or in-motion, complies with the GDPR. They must also ensure that no personal data is transported to countries outside of the EU that are deemed to have lower standards, except by design.

 

This, of course, implies advance planning. For example, employees of an EU-based company may be pointed to a non-EU Software as a Service (SaaS) application. This requires that the organization have confidence in the security of the SaaS application. The term “personal data” is also wide-ranging, relating to any private or professional data, including names, addresses, photos, email addresses, bank details, social postings, medical information, or, in some cases, even Internet Protocol (IP) addresses.

 

GDPR Impact on Visibility Architectures

 

The GDPR will have a major impact on the types of personal data that may be collected and recorded, as well as where this data can go. Any visibility architecture must ensure that a company knows which countries its data is going to, and if the data is not encrypted, must make doubly sure that it is protected. On-premises and private cloud architectures will probably be the easiest to handle. Under the GDPR, one basic precept is that businesses implement technical and organizational measures to provide appropriate protection to the personal data they hold or process. Protection standards outlined in the GDPR include pseudonymization or encryption, where possible, to reduce privacy risks.

 

Ixia GDPR Compliance Visibility Architecture for a Physical Data Center

 

The fact that IP addresses can be considered personal data adds a wrinkle to this. In some ways, this almost turns traditional approaches to visibility upside down: instead of opening up the network to further analysis with increasingly powerful tools, a balance is now required in restricting the flow of confidential data. In implementing a visibility architecture, IP addresses should be protected. Ixia already has a solution for this with its AppStack capabilities, which include the Data Masking Plus feature, available on the Ixia Vision network packet brokers (NPBs). The technology to deliver these capabilities is either built in on Vision NPBs or delivered through a software module.

 

Data Masking Plus was originally developed to secure Personally Identifiable Information (PII) data but is ideal for GDPR compliance. The administrator can set any data pattern or offset for masking, such as a credit card record, a Social Security number, or the IP address, with a simple, best-in-class graphical user interface (GUI). AppStack also supports geolocation of user data, which further helps identify traffic originating in the EU. Data masking and geolocation, combined with or without encryption of the data itself, will help facilitate GDPR compliance.
