Splunk: How Machine Data Supports GDPR Compliance

© 2017 SPLUNK INC.© 2017 SPLUNK INC.© 2017 SPLUNK INC.© 2017 SPLUNK INC.
GDPR
Is machine data relevant and how can it help?
GIOVANNI MORREALE
EMEA Technical Distribution Manager
The European General Data Protection Regulation
PRAGUE 1ST NOVEMBER 2017

© 2017 SPLUNK INC.© 2017 SPLUNK INC.
Goal of the General Data Protection Regulation
“The aim of the GDPR is to protect all EU
citizens from privacy and data breaches
in an increasingly data-driven world”

GDPR
Briefing Overview
GDPR
A Deeper Look
How Splunk
supports GDPR
compliance
Splunk and
Reporting
Examples
Agenda

GDPR
Briefing Overview

GDPR Timelines
The regulation is binding across all EU members states
January, 2012
Commissioner Proposed reform
to Data Protection regulation
May, 2018
Effective Data Protection
Framework comes into force (25th
May, 2018)
April, 2016
EU Council adopted new
regulation
December, 2015
EU agreement on regulation
including the UK after Brexit

Key Features of GDPR
Applicable to any company doing business in the European Union
European
Data
Protection
Harmoniza
tion
Fines up
to
€20m or
4% of
turnove
r
Mandatory
Privacy
Impact
Assessme
nts
Privacy by
Design &
Default
72 Hour
Breach
Notificatio
n
Mandator
y Data
Erasure &
Portability
Consent
for
Personal
Data
Profiling

GDPR Advice
from the
information
commisioner
office

GDPR
A Deeper Look

Looking into the Details
http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN

Taking into account the state of the art, the costs of implementation and the
nature, scope, context and purposes of processing as well as the risk of varying
likelihood and severity for the rights and freedoms of natural persons, the
controller and the processor shall implement appropriate technical and
organisational measures to ensure a level of security appropriate to the risk,
including inter alia as appropriate:
Article 32 – Security of processing
Understand Threats
& Risks
Use of Encryption &
Anonymization
Regular Evaluation
of the Security Policy
& Practices
Ensure
Confidentiality,
Integrity, Availability
and Resilience of
PII Systems and
Services

1. In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72
hours after having become aware of it, notify the personal data breach to the supervisory authority competent in
accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural
persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons
for the delay.
...
3. The processor shall notify the controller without undue delay after becoming aware of a personal data breach.
The notification referred to in paragraph 1 shall at least:
(a) describe the nature of the personal data breach including where possible, the categories and approximate number
of data subjects concerned and the categories and approximate number of personal data records concerned;
(b) communicate the name and contact details of the data protection officer or other contact point where more information
can be obtained;
(c) describe the likely consequences of the personal data breach;
(d) describe the measures taken or proposed to be taken by the controller to address the personal data breach,
including, where appropriate, measures to mitigate its possible adverse effects
....
Article 33 – Notification of a personal data breach
to the supervisory authority

“In the case of a personal data breach, the controller shall without undue delay and, where feasible, not
later than 72 hours after having become aware of it, notify the personal data breach to the supervisory
authority competent in accordance with Article 55, unless the personal data breach is unlikely to result in a
risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not
made within 72 hours, it shall be accompanied by reasons for the delay.” …
1. When the personal data breach is likely to result in a high risk to the rights and freedoms of natural
persons, the controller shall communicate the personal data breach to the data subject without undue
delay.
2. The communication to the data subject referred to in paragraph 1 of this Article shall describe in clear and
plain language the nature of the personal data breach and contain at least the information and
measures referred to in points (b), (c) and (d) of Article 33(3).
Article 34 – Communication of a personal data
breach to the data subject

“Each controller and, where applicable,
the controller's representative, shall
maintain a record of processing activities
under its responsibility”
Article 30 – Records of Processing Activity

Finding of the ICO at a
Privacy Audit
Search and
Report on
data
processing

You wake up in the
morning and your
data privacy officer
is on the phone
The Day in a life of a
GDPR Breach
● Breach Happening, How it looks like
● Crisis Communication Internally
● Investigation Steps
● Finding out who was impacted, when it
did start, what type of a breach it was
● Communication Strategy Externally
● Data Privacy Audits from the
government
● You need to prove you did everything to
mitigate the risk for individuals
● You need to answer when did you know
what and how did you know about it?

How Splunk Supports
GDPR Compliance

© 2017 SPLUNK INC.© 2017 SPLUNK INC.© 2016 SPLUNK INC. CONFIDENTIAL. INTERNAL USE ONLY.
Splunk can help your Organization with GDPR
▶ GDPR about People (IT & Legal), Process and
Technology
▶ Splunk helps to detect, prevent and investigate
breaches
• Breach Notification Article
• Breach Communication to Individuals Article
• Implement appropriate techn. Measures (Article)
▶ Prove GDPR security controls are enforced
• Data security article / state of the art tech / implement
appropriate techn. Measures
▶ Search and report on personal data processing

Prove GDPR
Security Controls
are enforced
Detect, Prevent
and Investigate
Data Breaches
Search and Report
on Personal Data
Processing
Splunk for GDPR

Splunk for GDPR
Detect, Prevent
and Investigate
Data Breaches The Forrester Wave:
Security Analytics Platforms, Q1 2017Gartner MQ for SIEM, Aug. 2016
IT Operations
Application Delivery
Industrial Data & IoT
Business Analytics, Future Markets
IT Security, Compliance & Fraud
Monitor Detect Investigate Respond
Enterprise
ES, UEBA
On-Premise, Cloud, Hybrid | Analytics for Hadoop
Different people
asking
different questions…
…of the same data.
Machine
Data
Article 33 - Notification of a personal data breach to the supervisory authority
Article 34 - Communication of a personal data breach to the data subject
Data Breach
Notification

Splunk for GDPR
Prove GDPR
Security Controls
are enforced
Article 32 - Security of processing
Article 58 - Supervisory Investigative Powers
Risk
Minimization
Report
Compliance
DPIA

Splunk for GDPR
Search and Report
on Personal Data
Processing
Article 30 - Records of Processing Activity
Article 5, 15, 17, 18 and 28 - Data Subject Rights
Supply chain
Obligations
Right to be
Forgotten
Right of
rectification
Right of access
Right of data
portability
…

Machine Data plays a critical role and helps your organization to
comply with the GDPR - Are you prepared?
We invite you to ask for a GDPR Workshop!

▶ What’s the current status within your Organizations? Data Impact Assessments
happened?
▶ Who owns the GDPR Program in your organization?
▶ What are the Key Challenges?
▶ What are expected changes that influences the IT Department? What changes
have happened already?
▶ What capabilities need to be established for breach notification?
▶ What capabilities need to be established for data privacy audits?
▶ How about monitoring of PII processing activities?
Questions to ask yourself
HINTS

Visibility and Enforcement for GDPR
API
SDKs UI
Report Compliance
Detect, Prevent
and Investigate
Data Breaches
Example Data Sources…
On-Premise, Cloud, Hybrid
No rigid schemas – add in data from any other source.
Protect
…
Classify
SDM/ControlPoint
…
Find
Trust Center
…
Prove GDPR
Security Controls
are enforced
Search and Report
on Personal Data
Processing
Govern
Content Manager
…
Securiity
IT-Ops
Cloud
IoT
…

Top Goals Top Splunk Benefits
▶ Continuously Protect the business
against:
• Data Breaches
• Malware
• Fraud
• IP Theft
▶ Comply with audit requirements
▶ Provide enterprise Visibility
▶ 70% to 90% improvement with
detection and research of events
▶ 70% to 95% reduction in security
incident investigation
▶ 10% to 30% reduction in risks
associated with data breaches, fraud
and IP theft
▶ 70% to 90% reduction in compliance
labour
Splunk for Security & Compliance

▶ Data in transit: Encryption
▶ Data at rest: Encryption
▶ Data at rest: Integrity
▶ Data/Fields within Splunk:
• Anonymization in raw event
• Anonymization in presentation layer
• Pseudonymization in raw event
• Pseudonymization in presentation layer
CTA: Pseudonymization of PII
Stay compliant whatever occurs in your machine data
risk
minimization
strategy

Splunk
and
Reporting Examples

How can Splunk help?
ALL DATA IS SECURITY RELEVANT
Security &
Compliance
Reporting
Real-time
Monitoring of
Known Threats
Detecting
Unknown
Threats
Fraud
Detection
Insider
Threat
Incident
Investigations
& Forensics

Solution: Splunk, the Engine for Machine Data
Custom
dashboards
Report and
analyze
Monitor
and alert
Developer
Platform
Ad hoc
search
References – Coded fields, mappings, aliases
Dynamic information – Stored in non-traditional formats
Environmental context – Human maintained files, documents
System/application – Available only using application request
Intelligence/analytics – Indicators, anomaly, research, white/blacklist
Real-Time
Machine Data
On-Premises
Private Cloud
Public
Cloud
Storage
Online
Shopping Cart
Telecoms
Desktops
Security
Web
Services
Networks
Containers
Web
Clickstreams
RFID
Smartphones
and Devices
Servers
Messaging
GPS
Location
Packaged
Applications
Custom
Applications
Online
Services
DatabasesCall Detail
Records
Energy Meters
Firewall
Intrusion
Prevention

200+ APPS
The Splunk Platform for Security Intelligence
Splunk Enterprise (CORE)
Stream data
Cisco
Security Suite
Windows/ AD/
Exchange
Palo
Alto
Network
s
FireEy
e
Bit9
DShiel
d
DNS
OSSEC
Splunk UBASplunk for Security

Thousands of Global Compliance Customers

▶ Who is accessing
which information?
Data Governance & Insight
Application Insights 360

▶ Assigned roles and
privileges
Data Governance & Insight
User Roles Overview

Prove GDPR security
controls are enforced
Splunk helps to detect,
prevent and investigate
breaches
Search and report
on personal data
processing
What GDPR use cases does Splunk help solve?
Breach Investigation Notification: 72 Hours

▶ Next 7 Days
• Identify GDPR systems and applications in scope
• Find a lawyer within your organization and sync up with them to find out about their
requirements.
▶ Next 30 Days
• Review the current capabilities you have in place
• Think about how GDPR impacts the IT processes and systems you have already
• Review how the GDPR requirements can be incorporated into other compliance mandates you
have to comply with
• Reach out to us for a GDPR Workshop
Next Steps

Thank you

Backup Slides

How much control do you have over
the information you provide online?
To what extent do you trust authorities
and private organizations to protect
your data?
Key GDPR Drivers: Data Protection & Privacy
The Eurobarometer survey – June 2015

Personal Data (PD)
• Data unique to an individual;
• Obvious identifiers → National Identifier, Passport No., Driver’s
License; email address (including work address)
• Less obvious identifiers → Cookies/beacons, IP address, MAC
address when connected to a person
Sensitive Data
• Ethnicity, gender orientation, race, religion, sex, health, criminal
history, etc.
Data….what data are we talking about?

Thank You

Splunk: How Machine Data Supports GDPR Compliance

More Related Content

What's hot (17)

Viewers also liked (7)

Similar to Splunk: How Machine Data Supports GDPR Compliance (20)

More from MarketingArrowECS_CZ (20)

Recently uploaded (20)

Splunk: How Machine Data Supports GDPR Compliance