GDPR enforcement (and therefore fines) has been on the rise recently. And after the initial “compliance on paper” that many consultants offered, it’s time to address the cybersecurity aspects underlying GDPR. We have previously addressed the logging requirements of GDPR and now we are going to review the “why” in addition to the “what”.
GDPR and Security of Logs
GDPR requires organizations to apply adequate technical measures to protect personal data. While that is broad and open to interpretation, certain industry best practices and typical tools will get that covered. Not just for the regulator, but to achieve the real purpose of the regulation – protecting personal data.
In the context of GDPR (but not limited to it), security logs need to be collected from all possible sources. These include database servers, web servers, Active Directory, Exchange, cloud providers (e.g. AWS, GCP, Azure), SaaS (e.g. Office 365, Google Workspace), firewalls, network switches, ERPs, CRMs and any other business-specific application.
These logs, once centrally collected, give the organization full visibility into data processing, provide accountability (“who did what”) and reduce the overall risk of data breaches:
- Full visibility – if you don’t know what’s happening in your infrastructure, you won’t know that a data breach is happening. You may not learn until many months later, which will potentially prompt a harsh response from regulators.
- Real-time threat detection – correlating logs from multiple sources and applying threat detection rules and statistics makes it possible to stop malicious actors from exfiltrating data.
- Automated incident response – once a threat is detected, certain actions can be performed automatically (e.g. sending notifications, blocking IP addresses, disabling accounts).
- Insider threat detection – malicious actors don’t have to be “hackers”; it’s often the case that insiders contribute to a data breach. Centralized audit log collection allows tracking and preventing such activities.
- Simplified audits – with flexible reporting and the option to provide timeboxed auditor accounts, audits can be much less painful.
LogSentinel SIEM gives all of the above (and more). SIEM has been thought to improve GDPR compliance and reduce the risk of breaches. And that’s true if implemented properly, i.e. all sources are collected, proper rules and machine learning are configured and adequate response measures are set. The complexity of getting it right has been the weak spot of SIEM and therefore many mid-size organizations have opted not to get one. LogSentinel SIEM targets that weak spot by being simple to set up and use in any environment (on-premise, cloud, hybrid).
GDPR compliance has never been just about consent checkboxes, cookies and having the right paperwork. It is as much about users’ rights as it is about cybersecurity regarding users’ data. And SIEM can be the right tool for the job.
Bozhidar Bozhanov is a senior software engineer and solution architect with 15 years of experience in the software industry. Bozhidar has been a speaker at numerous conferences and is among the popular bloggers and influencers in the technical field. He’s also a former government advisor on e-government, transparency, and information security.