In a recent interview for TechnologyChiefs, Kinstellar CTO highlighted security risks organisations face from a fragmenting technology architecture caused by the increasing use of SaaS applications creating data islands. Martin pointed out that data breaches could have even greater ramifications with the introduction of new EU GDPR regulation. This legislation was approved in the European parliament in April 2016 and will come into force on the 25th May 2018 and could result in heavy fines for organisations that are non-compliant.
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy and is still very relevant even in a Brexit world as explained in this interesting Computer Weekly article.
The watch-out from Martin is an important one but rather than getting tied up in the GDPR regulation specifically, I wanted to explore the point more from a technology architecture viewpoint. I am interested in the concept of fragmentation and what can be done about it to improve security and enterprise controls? It is not uncommon for organisations to have a ‘Cloud first’ policy and as a result they are likely to have enterprise level systems such as CRM, HR and Finance provided on a SaaS platform as well as more specific and niche systems across business units such as project and collaboration tools and product management to name just a few.
One of the important areas we need to address to try and manage this challenge and start to mitigate the risks Martin raises is how we manage identity and access. You need to look at a converged identity and access management approach such as Identity as a Service (IDaaS) which will allow you to centralise control and policy to all these disparate web applications across mobile and fixed devices. This will not only improve the security situation but also importantly.
Some of the leaders in this field that would be worth further research and investigations are Microsoft’s Azure Active Directory, Okta and Centrify and a there is a useful review of some of the major suppliers in the following PC Mag article.