GDPR and Data Security

Given this and the extended journey that data can sometimes take both inside and outside an organisation, the products that are used to manage it may need to be quite sophisticated. But nothing completely new is required for GDPR, Alison Nixon pointed out. There are already quite a few very capable solutions available.

‘Vendors are now not necessarily bringing out new products – what they and we are doing is giving resellers a better understanding of what components and solutions are out there and can be used to help with data protection and GDPR.’

Demand for data security and management is undoubtedly growing at a rapid pace, although how much of this is down to the impending arrival of GDPR on the statute books is not easy to say. ‘The cyber security market is growing at a rate of knots and we have seen above-market increases in our business year-on-year. We have had two fantastic years and we are expecting it to grow significantly again this year.’

Security information and event management (SIEM) and data loss prevention (DLP) are two of the biggest areas of interest right now and both have a key role to play in helping organisations to manage data and thereby show they are doing everything they can to meet the demands of GDPR.

Positive responses

Some resellers are already taking these solutions to customers and getting positive responses. But there are many others who are not yet fully addressing the opportunity, David Ellis believes. He said there is particularly good potential in the mid-market and SMB space, where despite their best intentions, many firms just won’t have got their heads around how they can manage data effectively as yet. ‘Those companies have perhaps not had to consider security much in the past – certainly not in the same way as they will need to now,’ he said.

Alison Nixon pointed out that Tech Data Advanced Solutions is more than ready to support any partner in taking solutions that will help customers to meet GDPR requirements to market. ‘It is our job to make sure that the channel is fully equipped to sell and support these products – by enabling partners with skills or providing the services and support ourselves on their behalf.’

Indeed, Tech Data has been expanding its security practice, creating a stand-alone business unit to focus on the area at the start of this year and placing Nixon at its head. This is important, she noted, as selling security needs real focus.

‘Security is absolutely at the forefront of everyone’s mind now and the way you present and package it has to change. It is not a series of point products anymore and resellers are looking for distribution to become a ‘business outcome’ based solutions advisor and a specialist in security – and to be able to talk them through issues such as GDPR and ransomware. That is going to be the role of distribution in the future.’

There will be a longer-term opportunity for resellers to make security a part of their mainstream business – but it may need to be presented and offered in a different way, she added. ‘There is a shift in the way IT security needs to be sold. A lot of that now is around use-case scenarios and there is also a shift to managed and cloud-based services and incident response, where you actively manage and monitor the customer’s systems. The services wrap-around potential is huge.’

‘There are already quite a few very capable solutions available, but they just have not had that much attention up until now.’ – Alison Nixon, Business Unit Director Security, Tech Data UK

Building trust 

But can resellers do it all? David Ellis does not think there will be too many that can. While it will be important for the reseller to position themselves as the key trusted provider on security and data management, he believes they will need to have their own network of trusted partners that they can rely upon.

‘They probably can’t do everything when it comes to security and data, resellers will need to build a viable ecosystem of partnerships. It might not always be the reseller who goes out and provides an assessment for example, so they may need to work with our professional services team and other experts, who have skills that complement their own. I think that will become more important in the future.’

There is no question however that the opportunity is big and is going to keep expanding, said Alison Nixon. ‘We are in an extended period of transition in which we will see increasing dependency on the cloud and the growth of IOT and other smart connected devices.
We will need inherent security for devices and for autonomous vehicles and drones. It will continually evolve and the need to
secure connections and devices will continue to grow. GDPR is just the start.’

GDPR basics
what needs to be done?

Who does it affect?
General Data Protection Regulation affects all organisations that collect and process data for their own purposes (‘controllers’) as well as to organisations that process data on behalf of others (‘processors’).

What must you do?
They must tell individuals about their processing of personal data. This must include why the personal data is being processed, how long the data will be stored, and with whom the personal data will be shared.

What data are you processing?
Organisations must have a legal basis for processing personal information. For example, where the processing is necessary to perform a contract, where an individual has consented to the processing of their data, or where the processing is in the organisation’s “legitimate interest” (assuming that interest is not outweighed by the individual’s rights).

What’s the opportunity?
The reseller’s role in GDPR is that of an advisor. IDC predicts GDPR will create a $3.5 billion market opportunity for data security and storage vendors. IT practices may need to be overhauled, including how backup and archiving can be managed to ensure specific data can be located and deleted, and security infrastructure updated.

What are the solutions?
There is no recommended prescription of specific data protection technologies, and there is no ‘one-size-fits-all’ solution to ensure customers are compliant. It will take a mixture of technology, people and processes to ensure organisations tick all the right boxes.