Azure and the GDPR

In May 2018, the UK government will introduce the new General Data Protection Regulation (GDPR). This replaced the old data protection act and has been structured to reflect the way in which data is now handled. The old Data Protection Act has been in place for several years, and over that time, the way that companies manage personal data has changed considerably – both in terms of the type and volume of data that is stored, and the uses of that data.

Although the GDPR is a piece of European legislation, it will still be observed in the UK following Brexit, and as such, it is essential for businesses to both familiarise themselves with the requirements of the legislation, and to ensure that the way they manage data is in line with the regulation.

Who the GDPR Applies to

The way the GDPR Is written covers two specific roles:

  • Data Controllers
  • Data Processors

A data controller sets policies with an organisation about how and why personal data will be processed, whereas a processor acts on their behalf to process the data.

Controllers and Processors are defined roles, but they are applicable in all organisations who store data – whether this is data about staff or customers.

In terms of these two roles, the responsibilities under the new GDPR legislation have changed considerably, particularly for Processors. Data processors are now required to maintain records of activity related to personal data. In practice, this becomes a responsibility at a policy level to provide tracking of usage within the organisation.

In short, if you are an organisation of any size that holds any personal information, then you need to ensure that your policies for controlling the way that data is used are compliant with GDPR guidelines.

The GDPR brings in several rights for individuals about whom data is stored. They now have explicit rights to be informed about what data about them is held, along with a right to accessing that information. An individual now has a right for data about them to be deleted, or rectified and to restrict how that information is used.

Data Storage

One of the requirements of the GDPR is that consent is obtained if data about an individual is going to be stored outside the European Union.
There have been historic requirements in the UK for some personally identifiable information to be hosted within a UK data centre, which has limited the ability of businesses and local government to take full advantage of the cloud. The GDPR doesn’t change this much at an EU level, although for the UK, it does mean that data can now be warehoused in the EU rather than just physically in Britain.

Consent is still required if you want to store personal data outside the EU.

This change reflects the way that data is managed by many businesses already, but has benefits where a company wants to host their database in the cloud. If the public cloud provider that you use spreads load across multiple regions, then it may be possible to breach the GDPR.
The new legislation better recognises cloud services and offers more flexibility to businesses – provided that their systems are compliant.

Azure and the GDPR

Over the past year, there have been many developments within the Microsoft Cloud portfolio that are relevant to the GDPR. Microsoft have major European data centres already in the Netherlands and in Ireland which are both EU, and as such are under the legislation. The company has also opened large UK datacentres to meet demand in this country. This provides additional flexibility for data owners to choose where their information is hosted.

In parallel with the Microsoft Owned data centres, the rise of Azure Stack implementations in 3rd party data centres provide additional flexibility about where data is warehoused.

What do I need to Do?

As a business, it’s essential that you ensure that your IT Strategy and data policies are compliant with GDPR before the law comes into effect in May 2018. For businesses using cloud services such as Azure, it is particularly pertinent, and important to perform a comprehensive audit of where and how data is stored to ensure that responsibilities are being met.

Valto are experienced cloud specialists with a team that are fully briefed on the requirements for businesses and other organisations under the GDPR. For more information or to book a compliance audit, please contact a member of our team on 03335 779 009 and we will be happy to help.

Increasing SharePoint Adoption in Your Business

Choosing SharePoint as a platform for collaboration within your organisation can require substantial investment as it is tailored to meet your needs. Whether you need bespoke development or large-scale configuration changes, there will always be a requirement for some customisation. As with any major IT strategy investments, there is a need for the project to deliver some commercial outcome for the business – whether this is increased efficiency; better data management; or simply a streamlined process of communication.  Increasing SharePoint adoption within your organisation drives success.  With more people using the platform, you will get more of the benefits that it can bring.

Challenges in increasing SharePoint Adoption

A challenge for businesses when they move to SharePoint is encouraging adoption amongst staff within the business. There are many reasons why staff may not adopt SharePoint within a business. In some cases, this is related to a lack of understanding of what the platform offers – that can often be cured with training; in other cases, moving to SharePoint represents a major change in the working patterns that people have and they resist it. Finally, there are people who view SharePoint as a threat – they may feel that the increased access to productivity information may be used against them by management or that targets will increase.

increasing sharepoint adoption

Whether you are moving to SharePoint for the first time, or are increasing the use that it has within your business, it is important to consider an adoption plan as part of your roadmap to ensure that the value of your investment is maximised. At Valto, we have worked with businesses to help increase adoption of the platform and focus on several areas to soften the change and make it easier for staff to understand the benefits. We can do this through training and workshops where key stakeholders will be provided with the materials to drive change deeper into the business.

We focus on the key benefits of SharePoint when tailored to your organisation – this means that any information is real world and specific to your staff and how the development of the platform will benefit them.

Reducing Duplication of Effort

One of the biggest benefits of a fully collaborative working environment is that staff can simplify the process of working together to complete a task. Traditionally, if multiple staff were working on the same document you would run into issues with version control or duplication of work. With in-line collaboration through SharePoint and Office 365, staff can clearly see what others are working on and avoid duplication. This makes them more efficient and enables work to be completed faster.  With a SharePoint Intranet that supports collaboration, you will help staff work better together.

Improving Collaboration and File Management

Traditionally, businesses would use a shared drive to give staff access to content. The drawback of this would be that a shared drive doesn’t allow staff to work on the same document at the same time – which leads to problems with version control.

Using SharePoint’s built in tools for collaboration and approval saves time and effort for staff and simplifies the management of files to ensure that there’s only one correct version and that all changes are recorded and properly attributed.  When staff become aware of the benefits, increasing SharePoint adoption will help to drive wider usage among holdout staff.

Improving Process Management

Changes in process can be a problem with teams due to inertia. The introduction of SharePoint into a workplace often results in changes to process as approval systems and efficient workflows are brought in.

Planned processes do increase efficiency, but there can be resistance to them if the perception is that the old way was better.
Including staff in the workshops for planning how SharePoint will be used is the most effective way of ensuring that the new workflows will be accepted and the benefits of more structured processes within your organisation can be felt.
Improving Access to Information

Even with a structured, hierarchical file management system in place, it can be difficult for staff to find the content that they’re looking for in a timely way. Demonstrating the effectiveness of SharePoint’s search functionality to staff provides them with a demonstrable benefit instantly and can be a key factor in increasing SharePoint adoption.

Summary

To drive increasing SharePoint adoption in your business, the most important thing you need is buy in from staff. If you are seen to be imposing a new system without demonstrating the benefits that come from it, resistance and low adoption can be the outcome.
Providing training to staff and getting staff in each team to volunteer as champions to lead the process of rollout to staff helps enormously. Involving them in the development process is also necessary to get as many people on board with the project as possible.

The main driver for adoption through is ensuring that the applications built in Microsoft SharePoint are properly designed to meet the specific needs of your teams. If the project is not fully thought through, or executed badly, or if performance is a problem, it creates a negative impression of the platform and stifles usage.

Talk to a member of the Valto team about how we can help with the process of increasing SharePoint Adoption in your business and how our approach to development makes a difference to end user satisfaction. Call us today on 03335 779 009 .

Improving Cloud Security in Azure

Exponential increases in the amount of data that modern businesses use to operate effectively mean that the value of that data is also rising at a staggering rate.  The value of this data to businesses makes it a major threat, and over the past couple of years, we’ve seen many high-profile cases of criminal activity targeting this data.

The biggest story in information security this year was the WannaCry exploit which encrypted user data and held it to ransom.  While this exploit was countered relatively quickly, it has been followed by several other similar attacks.

Quite rightly, data security is now very much on the agenda in board meetings around the world, the threat to a business’ operations from data being stolen or made inaccessible is being taken seriously, and CTOs are demanding full audits of their current security procedures to ensure that data is safe.

Is the Cloud Secure?

In common with many viruses and other InfoSec threats, WannaCry exploited a vulnerability in older versions of Windows.  This particular vulnerability had been patched in modern Windows versions, but was accessible in legacy OS versions used in many organisations – particularly the NHS.

The bigger issue was that the data that was encrypted was held locally (or on a network connected server).  This meant that if a specific machine became compromised, the data on it would become encrypted and inaccessible.

Unless the ransom was paid, the data would remain encrypted and eventually deleted with no hope of recovery.

While the same could happen on cloud hosted Virtual Machines – if it was deployed to run an unsupported version of Windows – the data could potentially still be accessed in a back up version.  Rather than needing to pay the ransom, the IT department could just roll back to an older version of the VM or database, apply the patches that had been put in place and then move on.

In this scenario, the cloud is not necessarily more secure, however it would be easier to recover.  However, there are a few tools available – particularly for Azure – that do make the cloud much more secure and a better choice for businesses wanting to protect their valuable data.

Azure Security Center

Azure Security Center is a Microsoft Product that is designed to manage policies across your Azure deployment.  It includes a dull range of tools to handle security.

Core to the Security Center is a suite of tools that can be used to define security across different areas.  The Suite includes recommended actions to take and take the guesswork out of what is required at various levels.

A key feature of Azure Security Center is the availability of third party solutions that can be deployed from inside the suite.  Tools from most major firewall providers and antivirus providers are available.  Rather than just being available as an app model, third party security solutions are integrated for data collections to allow analysis through a single dashboard making spotting security threats more straightforward.

Analytics software within Azure Security Center detects threats quickly and provides notification of any events.  This means that risks can be addressed before they become critical.  The depth of data available through Microsoft’s wider resources means that the number of false positives is reduced.

If an attack does affect data or systems in Azure, the Security Center provides the insights about exactly what resources have been affected.  This means a quicker clean-up is possible with solutions suggested by the tools.

Ready to Find out More?

Valto’s team are fully qualified Microsoft Azure consultants with experience in deploying and providing ongoing Azure management.  Talk to us about your security needs today and find out how we can help you achieve your IT Strategy goals.  Call now 03335 779 009 .