david-email

GDPR and how we implement it in the software development process

All companies providing goods or services to EU citizens will have to adhere to the new data protection rules or face fines of up to 4% of annual global turnover, or roughly $24.5M. As the GDPR comes into force, it will affect businesses all over the world.

What is GDPR? Who needs to prepare for GDPR?

Any organization that gathers or processes EU citizens’ personal data is subject to the regulation. Moreover, all of your contractors (including software development companies) need to adhere to the standard for your app to be GDPR-compliant.

How we implement it into your software:

1. Get informed consent from the user

The GDPR states that businesses now have to ask users to agree to the collection and processing of their personal information. The request “must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent”.

2. We will minimize the collected data

We will make sure that you are collecting only the information you can’t do without. And, if possible, implement automatic deletion of the data you no longer need. 
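Added example (not code from the original email) showing how points 1 and 2 look inside an application: consent is recorded together with the purpose and the wording the user saw, only the fields a purpose cannot do without are stored, and a purge routine deletes records whose consent was withdrawn or whose retention period has lapsed. The purposes, field names and retention periods are assumptions made for the example.

```python
# Added example (not code from the original email): record consent with its
# purpose, store only allow-listed fields, and purge records whose consent was
# withdrawn or whose retention period has lapsed. The purposes, field names
# and retention periods are assumptions made for the example.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Per-purpose allow-lists: anything else a form submits is dropped before storage.
ALLOWED_FIELDS = {
    "newsletter": {"email"},
    "order_fulfilment": {"email", "name", "postal_address"},
}

# How long each purpose may keep data after the last activity (assumed values).
RETENTION = {
    "newsletter": timedelta(days=365),
    "order_fulfilment": timedelta(days=30),
}


@dataclass
class Consent:
    purpose: str                       # what the data will be used for
    text_version: str                  # the wording the user actually saw
    granted_at: datetime
    withdrawn_at: Optional[datetime] = None

    def active(self, now: datetime) -> bool:
        return self.withdrawn_at is None or self.withdrawn_at > now


@dataclass
class PersonalRecord:
    user_id: str
    purpose: str
    data: Dict[str, str]
    consent: Consent
    last_activity: datetime


def minimize(purpose: str, submitted: Dict[str, str]) -> Dict[str, str]:
    """Keep only the fields this purpose cannot do without."""
    return {k: v for k, v in submitted.items() if k in ALLOWED_FIELDS[purpose]}


def collect(user_id: str, purpose: str, submitted: Dict[str, str],
            consent: Consent, now: datetime) -> PersonalRecord:
    """Refuse to store anything unless an active consent covers this exact purpose."""
    if consent.purpose != purpose or not consent.active(now):
        raise PermissionError(f"no active consent for {purpose!r}")
    return PersonalRecord(user_id, purpose, minimize(purpose, submitted), consent, now)


def purge_expired(records: List[PersonalRecord], now: datetime) -> List[PersonalRecord]:
    """Automatic deletion: drop records with withdrawn consent or lapsed retention."""
    return [r for r in records
            if r.consent.active(now) and now - r.last_activity <= RETENTION[r.purpose]]


def demo():
    """Constructed walk-through: one newsletter signup, then the retention rules."""
    now = datetime(2018, 5, 25, tzinfo=timezone.utc)
    consent = Consent("newsletter", "signup-form-v1", now)
    rec = collect("user-42", "newsletter",
                  {"email": "a@example.org", "name": "A", "phone": "1"}, consent, now)
    try:                                   # consent for one purpose does not cover another
        collect("user-42", "order_fulfilment", {"email": "a@example.org"}, consent, now)
        refused = False
    except PermissionError:
        refused = True
    kept_day_10 = len(purge_expired([rec], now + timedelta(days=10)))
    kept_day_400 = len(purge_expired([rec], now + timedelta(days=400)))
    consent.withdrawn_at = now + timedelta(days=1)
    kept_after_withdrawal = len(purge_expired([rec], now + timedelta(days=2)))
    return sorted(rec.data), refused, kept_day_10, kept_day_400, kept_after_withdrawal


if __name__ == "__main__":
    print(demo())
```

The purge runs as a scheduled job; keeping the consent object on the record means a withdrawal takes effect at the next run without a separate deletion request.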

3. We will encrypt personal data

Encryption adds an extra layer of security the attacker must defeat before they can access the information. GDPR Article 32 requires that personal data is protected by “state-of-the-art” measures; however, the exact nature of those measures is left for the companies to decide.

4. We will implement “privacy by design” 

We make sure privacy is taken care of at every stage of the product’s lifecycle. Implementing this idea is a much larger undertaking, and it breaks down into the following measures.

4.1 Two-Factor Authentication

It protects against online fraud and identity theft: a stolen password alone is no longer enough to log in.

4.2 Blocking brute force attacks

If a hacker intends to use automated login/password guessing, these measures can stop them.

4.3 Automatic Log-Off

Ending idle sessions automatically helps prevent unauthorized access to, and modification of, data from an unattended browser.
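Added example (not code from the original email) implementing 4.1 to 4.3 with only the Python standard library: a TOTP second factor as specified in RFC 6238 (built on the RFC 4226 HOTP function), a per-account lockout that stops automated password guessing, and a server-side session that expires after a period of inactivity. The thresholds (five failures, 15-minute lockout, 10-minute idle limit) are assumptions, not values from the text.

```python
# Added example (not code from the original email): a TOTP second factor,
# a brute-force lockout and an idle session timeout. Thresholds are assumed.
import hashlib
import hmac
import struct
import time
from typing import Dict, Optional


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) with dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, now: Optional[float] = None, step: int = 30) -> str:
    """Time-based one-time password (RFC 6238) for the current time step."""
    ts = time.time() if now is None else now
    return hotp(secret, int(ts // step))


def verify_totp(secret: bytes, code: str, now: Optional[float] = None,
                step: int = 30, window: int = 1) -> bool:
    """Accept the current step and +/- `window` neighbours (clock skew), using a
    constant-time comparison so response timing reveals nothing about the code."""
    ts = time.time() if now is None else now
    base = int(ts // step)
    return any(hmac.compare_digest(hotp(secret, base + d), code)
               for d in range(-window, window + 1))


class LoginGuard:
    """Locks an account after too many consecutive failures; unlocks after a cooldown."""

    def __init__(self, max_failures: int = 5, lockout_seconds: int = 900):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self._failures: Dict[str, int] = {}
        self._locked_until: Dict[str, float] = {}

    def is_locked(self, user: str, now: float) -> bool:
        until = self._locked_until.get(user, 0.0)
        if until and now >= until:             # cooldown over: forget the lockout
            self._locked_until.pop(user, None)
            self._failures.pop(user, None)
        return now < self._locked_until.get(user, 0.0)

    def record_failure(self, user: str, now: float) -> None:
        count = self._failures.get(user, 0) + 1
        self._failures[user] = count
        if count >= self.max_failures:
            self._locked_until[user] = now + self.lockout_seconds

    def record_success(self, user: str) -> None:
        self._failures.pop(user, None)
        self._locked_until.pop(user, None)


class Session:
    """Server-side session that dies after `idle_limit` seconds without activity."""

    def __init__(self, user: str, now: float, idle_limit: int = 600):
        self.user = user
        self.idle_limit = idle_limit
        self.last_activity = now

    def touch(self, now: float) -> bool:
        """Extend the session on activity; returns False, and stays expired, once idle too long."""
        if now - self.last_activity > self.idle_limit:
            return False
        self.last_activity = now
        return True
```

Lock state is kept per account rather than per source address, because guessing attempts are spread across many addresses; combine it with a per-address rate limit to keep one address from locking out many users on purpose. The shared secret for TOTP must be stored with the same care as a password hash.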

4.4 Separate domain names for Customer and Admin portals

Separating portals helps protect the information and allows securing the admin section without hampering users.

4.5 HTTP Authentication for Web Admin Panel

Requiring HTTP authentication in front of the admin panel adds another layer of protection against unauthorized access to it, independent of the application’s own login.

4.6 SSL Certificate

SSL/TLS certificates protect information in transit, between the app server and the database or between the user and your service.

4.7 Locking Unused Database Ports

A freshly provisioned server often exposes more ports than the application needs. Lock the unneeded ones so they can’t be used for intrusion.

4.8 Database can be accessed only from API server IP

Allowing connections from only one IP address prevents unauthorized access and makes any data breach easier to trace. Cloud firewalls can enforce this.
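Added example (not code from the original email) for verifying 4.7 and 4.8: it parses the listening sockets a Linux host reports with `ss -ltn` and flags anything reachable from outside that is not on an allow-list, including a database port bound to all interfaces instead of the private address the API server uses. The enforcement itself belongs in the host or cloud firewall; this is the check that proves the firewall and service bindings match the policy. The `ss` lines are constructed sample output, and the addresses and ports in the policy are assumptions.

```python
# Added example (not code from the original email): audit listening sockets
# against an allow-list. Sample output and policy values are constructed.
import ipaddress
from typing import List, Tuple

# Constructed sample of `ss -ltn` output from one host.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     [::]:22              [::]:*
LISTEN  0       244     0.0.0.0:5432         0.0.0.0:*
LISTEN  0       511     127.0.0.1:6379       0.0.0.0:*
LISTEN  0       511     10.0.1.5:5432        0.0.0.0:*
LISTEN  0       128     0.0.0.0:8080         0.0.0.0:*
"""

PUBLIC_PORTS = {22, 443}              # may listen on every interface
INTERNAL_ONLY = {5432: "10.0.1.5"}    # DB port only on the private address the API server reaches


def parse_listeners(text: str) -> List[Tuple[str, int]]:
    """Return (address, port) pairs from `ss -ltn` output, skipping the header."""
    listeners = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 4 or parts[0] != "LISTEN":
            continue
        addr, _, port = parts[3].rpartition(":")   # rpartition keeps IPv6 colons intact
        listeners.append((addr.strip("[]"), int(port)))
    return listeners


def is_loopback(addr: str) -> bool:
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def audit(listeners: List[Tuple[str, int]]) -> List[str]:
    """Findings for every listener that the policy does not permit."""
    findings = []
    for addr, port in listeners:
        if is_loopback(addr):
            continue                                    # local-only services are fine
        if port in INTERNAL_ONLY:
            if addr != INTERNAL_ONLY[port]:
                findings.append(f"port {port} bound to {addr}; expected {INTERNAL_ONLY[port]} only")
            continue
        if port not in PUBLIC_PORTS:
            findings.append(f"unexpected listener {addr}:{port}")
    return findings


if __name__ == "__main__":
    import subprocess
    live = subprocess.run(["ss", "-ltn"], capture_output=True, text=True, check=True).stdout
    for finding in audit(parse_listeners(live)):
        print("FINDING:", finding)
```

Run it from the host itself after every deployment; a clean run is the evidence for point 8 (documentation) that the binding policy is actually in force.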

4.9 Database connects to API server via HTTPS

Encrypting the connection protects the information while it is in transit between the two servers.

4.10 Server is accessed via VPN

VPN adds another layer of security to the data on the server.

4.11 Regular Database backup

Back up the information in the DB and store it on an external cloud service. In the event of a data breach, it will help to minimize losses.

4.12 Regular Server Log Backup

All server logs should be kept and stored externally. They help locate inconsistencies in the event of an attack, even if the attacker tampers with the copy on the server.

4.13 Adjust Inotify

Set up file-change triggers (inotify on Linux) and notifications so that an intrusion is detected quickly.
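Added example (not code from the original email) of the detection this point asks for, in polling form: a baseline of file digests for a directory tree and a comparison that reports added, removed and modified files. Where an inotify daemon is not available, a job like this run from cron gives the same signal with some delay. The sample tree is created in a temporary directory for the example.

```python
# Added example (not code from the original email): baseline-and-compare
# file integrity check, a polling stand-in for inotify triggers.
import hashlib
import os
import tempfile
from typing import Dict, List


def snapshot(root: str) -> Dict[str, str]:
    """Map each file's path (relative to root, with '/' separators) to its SHA-256."""
    digests = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[os.path.relpath(full, root).replace(os.sep, "/")] = h.hexdigest()
    return digests


def compare(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Differences between two snapshots; anything listed deserves a notification."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: take a baseline, then change the tree in three ways."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))

        def write(rel: str, data: str) -> None:
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(data)

        write("etc/app.conf", "debug=false\n")
        write("etc/users.txt", "alice\n")
        baseline = snapshot(root)
        write("etc/app.conf", "debug=true\n")      # a config value changed
        write("etc/unexpected.sh", "#!/bin/sh\n")  # a file appeared
        os.remove(os.path.join(root, "etc/users.txt"))
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

Store the baseline off the server (see 4.12), otherwise an intruder who can change files can also change the baseline.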

4.14 Log all the Server Actions

Logs make it possible to find out which data was modified, and when.
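Added example (not code from the original email) that makes 4.12 and 4.14 work together: an append-only action log in which every entry carries the hash of the previous entry, so the copy shipped off-site can be checked for edited or missing entries. The entries, field names and timestamps are constructed for the example.

```python
# Added example (not code from the original email): a hash-chained action
# log and a verifier that reports the first inconsistent entry.
import hashlib
import json
from typing import Dict, List

GENESIS = "0" * 64   # the "previous hash" of the first entry


def entry_hash(prev_hash: str, body: Dict) -> str:
    """Hash of the previous entry's hash plus this entry's canonical JSON form."""
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()


class ActionLog:
    """Append-only log; each entry commits to everything recorded before it."""

    def __init__(self):
        self.entries: List[Dict] = []

    def record(self, actor: str, action: str, target: str, ts: str) -> Dict:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"ts": ts, "actor": actor, "action": action, "target": target, "prev": prev}
        entry = dict(body, hash=entry_hash(prev, body))
        self.entries.append(entry)
        return entry


def verify(entries: List[Dict]) -> int:
    """Index of the first entry that breaks the chain, or -1 if the log is intact."""
    prev = GENESIS
    for i, entry in enumerate(entries):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry.get("prev") != prev or entry_hash(prev, body) != entry.get("hash"):
            return i
        prev = entry["hash"]
    return -1


def demo():
    """Constructed log, then an edited copy and a copy with an entry removed."""
    log = ActionLog()
    log.record("deploy", "UPDATE", "users.email", "2018-05-25T10:00:00Z")
    log.record("alice", "DELETE", "orders/123", "2018-05-25T10:05:00Z")
    log.record("backup", "EXPORT", "db-snapshot", "2018-05-25T11:00:00Z")
    edited = [dict(e) for e in log.entries]
    edited[1]["target"] = "orders/999"                 # someone rewrote what was deleted
    truncated = log.entries[:1] + log.entries[2:]      # someone removed the deletion entirely
    return verify(log.entries), verify(edited), verify(truncated)


if __name__ == "__main__":
    print(demo())
```

The chain detects tampering with a copy; it does not stop an attacker who controls the server from rewriting the whole log, which is why the off-site copy in 4.12 matters: compare the last hash shipped against the server’s current chain.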

5. We will implement “Privacy by default”

“Privacy by default” essentially means that if there are privacy settings in your product, they must be set to maximum at the start.

6. We will implement Pseudonymization

Pseudonymization means storing information that can identify a person (e.g. social security number) and the related data (gender, age, location, etc.) separately.

7. We will prepare for the users to exercise their rights

The new European regulation has given people extra rights that companies must grant: the right to be forgotten, the right to object, the right to rectification, the right to access, and the right to portability.
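Added example (not code from the original email) covering points 6 and 7: the directly identifying data lives in a vault keyed by a random pseudonym, the dataset the application works with holds only the pseudonym plus attributes, and each of the five rights is implemented against the two stores. Storage is in-memory dicts; the field names and sample values are constructed for the example.

```python
# Added example (not code from the original email): pseudonymised storage
# plus the user rights. Field names and sample values are constructed.
import json
import secrets
from typing import Dict, Optional, Set, Tuple


class IdentityVault:
    """Maps pseudonyms to directly identifying data. In production this runs as a
    separate service with its own credentials and encrypted storage."""

    IDENTITY_FIELDS = {"name", "national_id", "email"}

    def __init__(self):
        self._by_pseudonym: Dict[str, Dict[str, str]] = {}
        self._by_identity: Dict[str, str] = {}        # national_id -> pseudonym

    def enrol(self, identity: Dict[str, str]) -> str:
        key = identity["national_id"]
        if key in self._by_identity:                  # same person, same pseudonym
            return self._by_identity[key]
        pseudonym = secrets.token_hex(16)             # random: not derivable from the identity
        self._by_pseudonym[pseudonym] = dict(identity)
        self._by_identity[key] = pseudonym
        return pseudonym

    def lookup(self, pseudonym: str) -> Optional[Dict[str, str]]:
        return self._by_pseudonym.get(pseudonym)

    def forget(self, pseudonym: str) -> None:
        identity = self._by_pseudonym.pop(pseudonym, None)
        if identity:
            self._by_identity.pop(identity["national_id"], None)


class AnalyticsStore:
    """What the application works with day to day: pseudonym plus attributes."""

    def __init__(self):
        self.rows: Dict[str, Dict[str, str]] = {}

    def put(self, pseudonym: str, attrs: Dict[str, str]) -> None:
        leaked = set(attrs) & IdentityVault.IDENTITY_FIELDS
        if leaked:
            raise ValueError(f"identifying fields do not belong here: {sorted(leaked)}")
        self.rows[pseudonym] = dict(attrs)


class PrivacyService:
    """The user rights, implemented against the vault and the working dataset."""

    def __init__(self, vault: IdentityVault, store: AnalyticsStore):
        self.vault, self.store = vault, store
        self.objections: Set[Tuple[str, str]] = set()   # (pseudonym, purpose)

    def access(self, pseudonym: str) -> Dict:             # right to access
        return {"identity": self.vault.lookup(pseudonym),
                "attributes": self.store.rows.get(pseudonym)}

    def export(self, pseudonym: str) -> str:              # right to portability
        return json.dumps(self.access(pseudonym), sort_keys=True, indent=2)

    def rectify(self, pseudonym: str, field: str, value: str) -> None:   # right to rectification
        if field == "national_id":
            raise ValueError("the lookup key is changed by re-enrolment, not in place")
        bucket = (self.vault.lookup(pseudonym) if field in IdentityVault.IDENTITY_FIELDS
                  else self.store.rows.get(pseudonym))
        if bucket is None:
            raise KeyError(pseudonym)
        bucket[field] = value

    def object_to(self, pseudonym: str, purpose: str) -> None:   # right to object
        self.objections.add((pseudonym, purpose))

    def may_process(self, pseudonym: str, purpose: str) -> bool:
        return (pseudonym, purpose) not in self.objections

    def erase(self, pseudonym: str) -> None:              # right to be forgotten
        self.vault.forget(pseudonym)
        self.store.rows.pop(pseudonym, None)


def demo():
    """Constructed walk-through of enrolment and each right."""
    vault, store = IdentityVault(), AnalyticsStore()
    svc = PrivacyService(vault, store)
    ada = {"name": "Ada", "national_id": "ID-0001", "email": "ada@example.org"}
    p = vault.enrol(ada)
    store.put(p, {"age_band": "30-39", "country": "FR"})
    svc.rectify(p, "country", "DE")
    exported = json.loads(svc.export(p))
    svc.object_to(p, "marketing")
    stable = vault.enrol(dict(ada)) == p
    svc.erase(p)
    gone = svc.access(p) == {"identity": None, "attributes": None}
    return (exported["attributes"]["country"], exported["identity"]["name"],
            svc.may_process(p, "marketing"), svc.may_process(p, "order_fulfilment"),
            stable, gone, len(p))
```

Because the pseudonym is random rather than a hash of the identifier, a leaked analytics table cannot be linked back to people without the vault; whether the now-unlinkable attribute row may be retained after erasure is a policy decision the code leaves to the data controller.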

8. We will document everything

The regulation requires companies to not only implement additional data protection measures but also document them to be able to prove that they’ve taken the necessary steps.

9. We will prepare a plan for contingencies

No matter how well you are defended at the moment, it pays to be prepared for personal data breaches.

In most cases, you’ll need to notify the Information Commissioner’s Office (ICO) within 72 hours of detecting a breach. If you opt not to, you must have a valid (and properly supported by documents) reason for it. But if there is a “high risk to the rights and freedoms of individuals”, you need to inform your users as well.

10 elements every production environment must have

1. Redundancy

Redundancy is probably one of the most important ingredients of a successful production environment. If a system or service is critical to the organization, either by producing revenue or preventing the loss of revenue, there should never be a single instance of it. Use the application as well as system redundancy to ensure you can withstand the loss of an entire server. Power and network connections should also be redundant. Some organizations even have entire site redundancies so they can run their operations in an entirely different location.

Cost is often cited as a factor against implementing robust redundancy, but keep in mind that investing in redundancy, while potentially painful at the onset, can reap hefty dividends down the road — even if only for the peace of mind it provides.

2. Disaster recovery capability

A “disaster” can have an ambiguous meaning. It refers to any unexpected misfortune or failure ranging from a crashed application to the loss of an entire site due to a power outage. Plan for disasters that will impact your ability to run a production environment and ensure you have appropriate solutions in place. Some examples:

  • Perform nightly backups of all systems and confirm restore functionality
  • Ship backup tapes/hard drives off-site (or copy data to the cloud so it will be accessible remotely)
  • Take snapshots of SAN volumes and virtual machines to be able to roll back to a known good state
  • Keep spare hard drives, network cards, and servers on hand for emergency situations
  • Install a generator to guard against power outages

3. Secure access

The incident involving the developer deleting a production database would never have happened had the company followed one simple guideline: only provide production access to individuals who actually need it, and configure permissions to match their job role. Store any system or service account passwords in a secured, centralized password database.

Unless someone is going to directly work in production from day one, don’t give them the key to do so. If they do need the access, determine whether “read” permissions are sufficient so they can’t actually change the data.

If employees with production access leave the company, make sure to disable or lock their accounts. If administrators with production access depart, change all the passwords involved such as root or administrator passwords.
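Added example (not code from the original article) of the check that keeps this guidance honest: reconcile the accounts that actually exist on production hosts against the HR roster and the approved access list, and produce the disable, downgrade and password-rotation actions described above. All names, roles, hosts and secret labels are constructed.

```python
# Added example (not code from the original article): reconcile production
# accounts against the roster and the approved access list. Inputs are constructed.
from typing import Dict, Iterable, List, Set

ACTIVE_STAFF = {"alice", "bob", "carol"}                     # from HR
APPROVED_ACCESS = {"alice": "admin", "bob": "read"}          # carol is staff but needs no prod access
PRODUCTION_ACCOUNTS = {                                      # what each host actually reports
    "db-01": {"alice": "admin", "bob": "admin", "dave": "admin", "svc-backup": "read"},
    "app-01": {"alice": "admin", "carol": "read", "dave": "read"},
}
SERVICE_ACCOUNTS = {"svc-backup"}
SHARED_SECRETS = ["root@db-01", "root@app-01", "svc-backup password"]


def reconcile(active: Set[str], approved: Dict[str, str],
              prod_accounts: Dict[str, Dict[str, str]], service_accounts: Set[str],
              shared_secrets: Iterable[str]) -> Dict[str, List[str]]:
    """Actions needed to bring production accounts in line with policy."""
    disable, downgrade = [], []
    departed_admin = False
    for host, accounts in sorted(prod_accounts.items()):
        for user, role in sorted(accounts.items()):
            if user in service_accounts:
                continue                                     # reviewed separately from people
            if user not in active or user not in approved:
                disable.append(f"{host}:{user}")             # left the company, or never approved
                departed_admin |= (role == "admin" and user not in active)
            elif approved[user] != role:
                downgrade.append(f"{host}:{user} {role}->{approved[user]}")
    # An administrator who has left may know shared credentials: rotate them all.
    rotate = list(shared_secrets) if departed_admin else []
    return {"disable": disable, "downgrade": downgrade, "rotate": rotate}


if __name__ == "__main__":
    result = reconcile(ACTIVE_STAFF, APPROVED_ACCESS, PRODUCTION_ACCOUNTS,
                       SERVICE_ACCOUNTS, SHARED_SECRETS)
    for action, items in result.items():
        print(action, items)
```

The three inputs come from different owners (HR, the access approver, and the hosts themselves), which is what makes the comparison worth running: no single list is trusted to be complete on its own.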

4. Standardized access

There are a variety of methods to access production data: via a web browser, SSH connectivity, remote desktop, a SQuirreL database client, secure FTP or various other methods. Ensure users have a standard method for production access involving the same client or portal.

5. Minimalism

Your production systems should contain only necessary services/applications. This means there will be less to troubleshoot and patch, and the simplicity will ensure a more predictable and manageable environment. This strategy will also reduce a potential attack footprint.

If applications or services are no longer in use, remove them.

6. A patching strategy

Speaking of patching, it’s a necessary evil. Develop a patching mechanism to ensure production systems are updated on at least a monthly basis.

Rebooting production systems is never anyone’s idea of a fun time, but suffering a data breach makes it look like a picnic by comparison. Besides, if you’re using redundancy, you should be able to patch and reboot a pair of clustered systems, for instance, with zero user impact. However, make sure to let at least a day or two pass before patching all redundant systems, just in case the patch produces an adverse impact which might obviate the protection you’ve implemented via redundancy.

7. Segregated networks

Your production systems should never be on the same network as your other servers, let alone your client workstations. Put them on their own dedicated subnet and maintain access through a firewall that permits only the desired systems to connect via only the necessary ports. This will help ensure security, as well as help achieve the minimalism I mentioned above.

8. Change management

Change management is the process of documenting proposed changes and their expected impact, then submitting a request for review and approval of the said change. Ideally, the request should list the affected systems, the plan for the change, methods to validate the change (both from a system administrator and an end-user standpoint), and a backout plan.

9. Auditing, logging, and alerting

Many of the above steps become less effective or meaningless if you’re not using auditing, logging, and alerting. Every action taken on a production system should be recorded and, depending on the severity, should trigger an alert if appropriate. For instance, logging in as root should send a notification to IT staff and/or the security group so they can assess what’s happening and whether an illegal act is occurring.

The same applies to hardware that might be faulty. There’s a saying that “your users should be the last ones to know when production is down.”
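Added example (not code from the original article) of the alert described above, run over constructed auth-log lines in the format sshd and sudo write on a typical Linux host: a successful SSH login as root raises a high-severity alert, and a sudo command that switches to root raises a medium one for the security group to assess. The log lines, hostnames and addresses are constructed.

```python
# Added example (not code from the original article): detection rules for
# root access over sample auth-log lines. All sample data is constructed.
import re
from typing import Dict, List, Optional

SAMPLE_AUTH_LOG = """\
May 25 10:01:02 app-01 sshd[1201]: Accepted publickey for alice from 10.0.2.7 port 51022 ssh2: ED25519 SHA256:constructed
May 25 10:03:17 app-01 sshd[1230]: Accepted password for root from 203.0.113.9 port 40011 ssh2
May 25 10:04:40 app-01 sudo:    bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/su -
May 25 10:05:01 app-01 sshd[1250]: Failed password for invalid user admin from 198.51.100.4 port 55555 ssh2
May 25 10:05:02 app-01 systemd[1]: Started Session 5 of user root.
"""

SSH_ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\w+) for (\S+) from (\S+) port \d+")
SUDO_ROOT = re.compile(r"sudo:\s+(\S+) : .*USER=root ; COMMAND=(.*)$")


def alert_for(line: str) -> Optional[Dict[str, str]]:
    """Return an alert for one log line, or None when the line is routine."""
    host = line.split()[3]                        # syslog layout: month day time host ...
    m = SSH_ACCEPTED.search(line)
    if m:
        method, user, src = m.groups()
        if user == "root":                        # direct root login: should never be routine
            return {"severity": "HIGH", "host": host, "rule": "direct root login",
                    "detail": f"{method} from {src}"}
        return None
    m = SUDO_ROOT.search(line)
    if m:
        user, cmd = m.groups()                    # escalation by a named user: review, not block
        return {"severity": "MEDIUM", "host": host, "rule": "sudo to root",
                "detail": f"{user} ran {cmd}"}
    return None


def scan(text: str) -> List[Dict[str, str]]:
    """Alerts for every line of a log, in order."""
    return [a for a in (alert_for(l) for l in text.splitlines() if l.strip()) if a]


if __name__ == "__main__":
    for alert in scan(SAMPLE_AUTH_LOG):
        print(alert["severity"], alert["host"], alert["rule"], alert["detail"])
```

Failed logins are deliberately not alerted here; they are the input to the brute-force lockout discussed earlier and would drown the root-access signal if they shared a channel. Ship the resulting alerts to the same external store as the logs so that a compromised host cannot quietly discard them.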

10. Appropriate documentation

Knowledge is a powerful thing, but the ability to properly share it with others is even more powerful. Staff turnover is a fact of life, and employees who depart with critical information about the production environment stored only in their brains represent a significant company loss.

Documentation of the production environment should be comprehensive and kept up to date. It should include hardware, software, networking details, vendor information, support information, dependencies upon other systems or applications, and any other details necessary to maintain order. Conduct quarterly reviews and ensure all staff responsible for the production environment are familiar with the documentation, and that it is safely backed up in the event of a disaster.