22 August 2017
John Safa - Pushfor Ltd

GDPR means taking a hard look at communications channels

13 February 2017

GDPR should make life easier in some ways. If you're doing business in Europe, it makes sense to deal with one set of rules across the EU rather than navigating each market's own regulations. But the penalties for companies that get it wrong are going to be much tougher.

I’d bet that most financial institutions – and they’ll be the ones under the most scrutiny – are going to have a pretty rough time getting ready for it.

The issue isn't just how banks hold customer data within the organisation, or how they report a breach. We've known about those obligations for long enough that there's no real excuse for getting them wrong.

The big issue in my mind is the data that gets sent every day through channels that bypass corporate control.

I’m talking about IM.

Every day, millions of messages are sent over IM from some of the most security-conscious organisations in the world. It's a great way to communicate urgent or time-sensitive information. It's the future, there's no doubt about it.

But it's inherently insecure. Your data sits on a server that you don't control, in a jurisdiction that may be subject to different regulations. Depending on which IM service you use, your data might be split between the US and the EU. You have no access to that data, and as a result no audit trail. It's completely uncontrolled. Imagine the practicalities of having to reconstruct an IM trail after a data leak: proving where the data was sent from, who it was sent to, and where it ended up.

As I wrote last week, some banks are banning IM altogether to reduce the risk. I'm not surprised by that, but it's not the long-term answer. IM isn't going away as a communication method. What we should be doing is rethinking how to make it secure and bring that data back under corporate control. The only way to do that is to retain the data in an environment that sits in your jurisdiction, probably on your own servers but certainly on servers that conform to your security requirements.

Tags: Security, Risk & regulation


John Safa is the founder of Pushfor, a secure messaging and content sharing platform for business. He is a tech entrepreneur and security expert.