Infrastructure Insights

Comply with EU GDPR, Extend Data Protection and Avoid Steep Fines

Bob_Moore

The EU General Data Protection Regulation is coming soon and promises severe financial penalties. To avoid millions in fines, make sure your company is protected all the way down to the firmware level with HPE Gen10.

The European Union General Data Protection Regulation (GDPR) is coming soon, and this compliance mandate really packs a punch: Violators face a penalty of €20 million or 4% of their global annual turnover, whichever is higher.

While the regulation primarily impacts businesses in the EU as well as the UK, U.S. companies that transact and store information pertaining to European consumers and businesses must also comply. With the deadline just around the corner (May 25, 2018), now’s the time to make sure your compliance measures are sufficient.

Compliance helps protect against cyber threats

Preparing for the GDPR can also serve as a catalyst to take critical and potentially overdue steps to increase security and ensure compliance in several areas:

  • Compile a complete inventory of sensitive data processed by your company.
  • Assess the cost-efficiency and effectiveness of your company’s approach to storing sensitive data.
  • Evaluate your data retention and backup capabilities.
  • Measure the effectiveness of your overall infrastructure security architecture.
  • Determine what’s required to improve data protection cost-efficiency and effectiveness.

Taking these steps will not only help your business meet GDPR regulations and reduce the risk of penalties, but it will also elevate your ability to defend against advanced cybersecurity threats. It’s important to note that companies in the EU themselves bear full responsibility for compliance with the GDPR, but HPE can help you get ready to comply with those requirements.

HPE can help get you ready for the GDPR through our NIST security controls

HPE can help because we’ve applied the NIST 800-53 controls to a select set of our servers, storage and networking products. Some experts are also promoting the NIST controls as the best way to get ready for the GDPR; see this Privacy Advisor article by Pitor Fo.

Protecting server firmware is critical

Because servers are where sensitive data converges, they are a logical part of your efforts to comply with the GDPR.

Here at HPE, we’re playing a key role in helping businesses take on the GDPR challenge with our Gen10 ProLiant servers, the world’s most secure industry-standard servers.

HPE is driving firmware integrity down to our custom-designed iLO 5 silicon chip. Anchoring to our own silicon enables the ProLiant servers to monitor the firmware for compromise. 

In addition to monitoring the BIOS, the HPE Silicon Root of Trust also monitors the BMC, SPLD, IE, and ME firmware. As a result, firmware integrity is checked during each boot-up and every 24 hours while in use. If any firmware has been compromised, the server generates an immediate audit log alert and automatically resets the firmware to its last known good state.

Extending protection across the entire server lifecycle

HPE also applies additional IT security measures across the server lifecycle that further secure ProLiant servers. Although no products from any IT vendor are certified as GDPR compliant, the HPE solutions use state-of-the-art security technology that aligns with the GDPR requirement to have “privacy by design” rather than bolted on as an afterthought. We closely monitor our supply chain to make sure all components are certified, pass anti-counterfeiting checks, and arrive securely at our manufacturing floor.

  • Network interface cards utilize a secure boot process, capture forensics to trace firmware updates, and block unauthorized access through built-in firewalls.
  • The servers isolate and quarantine endpoints that exhibit threatening behaviors towards applications and sensitive data across the entire server environment.
  • Our technology supports format-preserving encryption and stateless tokenization so sensitive data can be de-identified.

ProLiant servers are also protected during the shipping process with a chassis intrusion detection latch. If there has been physical tampering of the server, this mechanism logs an audit alert in the iLO firmware, even if the server does not have power. And when your server reaches end-of-life status, we continue to offer protection through our secure destruction and disposal services.

Staying ahead of infrastructure threats

When leveraging technologies that open new business opportunities, it’s critical to also defend against infrastructure attacks. In addition, increased security measures are needed as the IT infrastructure threat landscape continues to evolve, attacks become more sophisticated, and attack surfaces expand.

HPE has a strategy to help you stay ahead of the threats through our unique server firmware security capabilities, which offer advanced protection, detection, and recovery. Download the Moor Insights and Strategy white paper, HPE Locks Down Server Security, to learn more.

About the Author

Bob_Moore

Bob leads the partner software organization for the server division. His team is also responsible for productizing the new HPE security technologies and delivering a comprehensive approach to security across all solutions.