Cybrain - Fotolia
The key issues for storage and compliance were discussed at Web Summit in Lisbon, which took place on 7-10 November 2016, including the implications for compliance that result from the explosion of data that will result from the internet of things.
In this podcast, Computer Weekly storage editor Antony Adshead talks with CEO of Vigitrust, Mathieu Gorge, about the types of data created by internet of things (IoT) deployments, how it will be retained, and how we can ensure legal and regulatory compliance.
Antony Adshead: What issues concerning data storage came out of the Web Summit event in Lisbon this year?
Mathieu Gorge: First of all, it’s important to reposition what the Web Summit is about. The event has moved from Dublin to Lisbon and now expects more than 45,000 attendees, covering all areas of IT and web, including payment, e-commerce, IoT, data, big data, storage and applications.
This year, there were a number of side events in the summit. Some of them focused on enterprise, some of them on data, and some on storage. All of them seemed to dial back to the explosion of data that comes with the IoT.
Adshead: What do you think are the implications for compliance that come from the explosion of data that has been such a theme at Web Summit?
Gorge: From an IoT perspective, if you look at the number of devices now generating data, some is structured, some is unstructured, some is logged and some is not easy to find within the application or device itself.
Either way, we end up with a huge explosion of data, and the feedback from the Web Summit is that we don’t know if the current systems will be able to handle that data in a way that would be meaningful from the security and compliance perspective as well as the storage perspective.
For instance, is there a way of managing the data created by devices that allows you to structurally look at it, classify it and stratify it from a risk and access perspective? This is all unknown at this stage.
I think the key conclusion is there are a lot of unknowns, but at least we are aware of them.
Read more about storage and compliance
- Learn how to comply with data storage compliance regulations such as the Data Protection Act 1998. We also tell you how to enforce data retention and access policies, and prepare for e-discovery requests.
- Data classification is key to efficient storage, security and compliance. In this podcast, Vigitrust’s Mathieu Gorge talks about the fundamentals of a data classification policy.
The best practice to come out of the Web Summit was the need to master your ecosystem and have a way of mapping every IoT device you plan to roll out. You need to understand your data model; the traditional data within your network, data created by internet of things devices and by internet of things management software.
Another key finding was that you can start using the General Data Protection Regulation to do a privacy impact assessment on the type of data that might be held by your devices, especially with regards to healthcare and any device that may have health information.
So, the focus so far was really on banking information and credit cards, but we saw a huge shift towards [managing] health information created or transmitted by our IoT devices.
Again, that data needs to be stored, mapped and protected the right way.
I think we’ve got a long way ahead before there is a proper standard for that. There are a few standards out there, but they are all competing with each other.
We don’t have globally accepted standards for managing IoT devices from the security, data management and storage perspectives, but we expect a lot of work will be done over the next 12 to 18 months.