GDPR is here and there are a lot of companies struggling with it. There has been plenty of time to prepare, but potential fines and regulatory demands are always difficult to deal with. Solutions providers have a responsibility to their clients to maintain GDPR compliance. This especially applies to network performance monitoring vendors, as clients rely on them to achieve compliance internally.
GDPR may have increased the market need for network performance monitoring. One component of GDPR that isn’t mentioned often is its restrictions on public Wi-Fi. This will especially impact companies based in the US that have a European presence. Network monitoring tools will provide security to customers using public Wi-Fi.
Given the significance of GDPR, it’s worth knowing how cloud providers are reacting to these changes. Many organizations are changing their entire terms of service to be compliant, even for US citizens. Below we’ve compiled some of the responses from the top network monitoring vendors. In order to be completely vendor neutral, we’ve used the three leaders listed on Gartner’s Magic Quadrant.
As with many vendors in the space, NETSCOUT is fully supportive of GDPR and its goals. Thus, they’ve been working to enhance the privacy principles of their products. When GDPR was announced in 2016, NETSCOUT created a global project to prepare its internal processes and commercial offerings.
- NETSCOUT protects personal data through reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification, or disclosure.
- NETSCOUT performs robust security measures on its infrastructure (both on-premise and in the cloud) such as antivirus, firewalls, scheduled vulnerability scanning, penetration testing and security code peer reviews.
- NETSCOUT’s infrastructure (both on-premise and in the cloud) is hardened against DDoS attacks and monitored 24x7x365.
- All NETSCOUT personnel who are authorized to process personal data have committed themselves (through employment and confidentiality agreements) to the confidentiality and security of personal data.
- NETSCOUT encrypts all traffic communications on its cloud, in addition to anonymizing, pseudonymizing, or obfuscating data where technically possible.
- NETSCOUT has an internal process for regularly testing, assessing, and evaluating the effectiveness of the technical and organizational measures for ensuring the security of the processing of personal data.
Riverbed assures its customers that it is itself GDPR compliant. They state that they are working with their partners and customers, and that they’ve reviewed and updated their contractual agreements and DPA. They also say they have ensured GDPR compliance throughout their entire supply chain.
“Compliance with the GDPR requires a partnership between Riverbed and our partners and customers in their use of applicable Riverbed services. In this context, Riverbed generally will act as a data processor and our partners and customers generally will act as data controllers. Working together, we hope to explore opportunities within our relevant service offerings to assist our partners and customers meet their GDPR obligations. In the meantime, Riverbed encourages partners and customers to independently familiarize themselves with the GDPR.”
On Viavi’s website, they primarily focus on their Observer Platform for GDPR. Specifically, they mention their GigaStor appliance. GigaStor acts as a CCTV for networks. It catches everything that passes through it. Their platform works under GDPR in the following ways:
- Pre-incident validation that the organization has taken sufficient steps to ensure its ability to investigate and report attack details to authorities within 72 hours, as well as the ability to verify successful remediation.
- Pre-incident discovery and mapping of network infrastructure involved in supporting applications and services collecting, analyzing and storing personally identifiable information.
- Post-incident investigation with the Observer Platform and its captured data can prove that no information was compromised and help organizations identify or provide documentation of what data was affected, how access was achieved, and if intellectual property was compromised.