GDPR – Your User Database

Many companies have a website and a customer database. Under GDPR, those of us who rely on consent as the lawful basis for holding this data must have the express permission of the individual concerned.

Personal data under GDPR (often referred to as Personally Identifiable Information, PII) includes business email addresses, since they identify specific individuals.

To meet our obligations we need a clear opt-in policy on our website and a database whose access we can audit. Can you do these things today? If not, please contact Insperitas so that we can help.

Article 32 of GDPR sets out the security-of-processing measures expected of controllers and processors, and how compliance with them can be demonstrated.

Please see the excerpt below, taken on 23 Feb 2018 at 12.25 UTC from:

Article 32

Security of processing

1.   Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

(a) the pseudonymisation and encryption of personal data;

(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

(c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;

(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

2.   In assessing the appropriate level of security account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.

3.   Adherence to an approved code of conduct as referred to in Article 40 or an approved certification mechanism as referred to in Article 42 may be used as an element by which to demonstrate compliance with the requirements set out in paragraph 1 of this Article.

4.   The controller and processor shall take steps to ensure that any natural person acting under the authority of the controller or the processor who has access to personal data does not process them except on instructions from the controller, unless he or she is required to do so by Union or Member State law.

Have your Cloud Costs gone Stratospheric?

Well, to be honest, that’s not at all surprising. It’s an all too common scenario.

Why?

Because companies choose to use Cloud Services for the following reasons.
1. To urgently replace an existing backup solution.
2. Because some new urgent project demands a Cloud based solution.
3. To speedily boost or replace on premise servers.

All of these are time-based demands, and they often spawn a sudden launch into Cloud without serious consideration of how resources should be managed.

The common problems this creates include:

  • No tagging
  • No one knows why a server was built or if it can be deleted
  • Lack of clear ownership
  • Bills cannot be allocated properly
  • Disagreement as to who owns the shared Cloud services
  • Insecure solutions
  • Inefficient solutions
  • Inflexible designs

Insperitas can help you by:

Evaluating your whole Cloud infrastructure
Ensuring proper systems and processes to enforce best practices
Remediation of existing issues

But you don't want or need to become dependent on Insperitas, and you probably won't be able to move to best practices immediately. A better solution might be for a consultant to come to your site (or work remotely) for one day a week to teach and guide your own employees to implement success.

Together let’s bring your costs back down to earth.

Call me (+44 7932 678578) or fill in your details on our contact page and start moving towards a more cost-effective Cloud engagement.

Rules for your 1st Cloud Steps

You might be considering Cloud for any of the following reasons:

You Need Cheap Secure Offsite Backup. The Cloud can be an effective way to achieve this.

Your Server Hardware is Old. You have some applications running on a server that is aging and ought to be replaced. If “Cash is King” then saving the capital expense might be useful.

You’d Like to Reduce Your IT Costs. Sometimes a service that is currently provided in house such as email can be delivered more effectively (and possibly cheaper) by a Cloud Service Provider (CSP).

Whatever your drivers are, it is essential that you resolve the following important issues!

Choosing the CSP. There are a number of providers. Which one(s) are a good fit for your business?

Account set up. The last thing you need is to set up the account in a way that will leave you frustrated later.

Cost Management. You need to be certain that costs cannot escalate horribly because of a poor design.

Security is essential. How can you be confident that your data (and your customers' data) is secure?

This blog expands on the topics above. I would be delighted to assist you with investigating and providing solutions for any of these. Insperitas is also able to provide support for Cloud solutions.

Choosing The CSP.

The three largest providers are also the most flexible

Amazon Web Services (AWS) is the largest CSP on the planet and offers a very wide range of services. The tools are relatively well known and can be adapted easily. For many this is the go-to place when beginning a Cloud Journey. https://aws.amazon.com/choosing-a-cloud-platform/

Microsoft are good at providing a Cloud version of services that they would traditionally have sold as applications; email is the classic example. For larger companies Microsoft also offer a mature Identity and Access Management solution based on Active Directory. Microsoft have a large network of partners and are "Enterprise Ready" in the sense that, of the Big 3, they are the oldest and most established enterprise vendor.

Google are slightly newer to providing Cloud Services than AWS. Google Cloud Platform (GCP) provides a much smaller array of services than AWS, but the services it does provide are very well executed. Google have a stated aim to be the largest CSP in the world within the next few years. https://cloud.google.com/why-google/


Setting up the account

The important things to ensure when it comes to setting up your account in either AWS or in GCP are:

  • Don't get locked out! You need MFA on the root account, but decide who holds the MFA device and therefore who has ultimate control.
  • For AWS choose a good phone number. AWS uses the number on the root account for verification and account recovery, so use one the business controls rather than an individual's personal mobile.
  • For Google, will you get an enterprise account or a Gmail account?
  • How can you give access to another account for support?
  • Can you make use of free services?

https://aws-tutorials.blogspot.co.uk/2017/04/setting-up-your-new-aws-account.html

Managing Costs

If you have teenagers in your house you will understand the difference in attitude to electricity use between bill-payers and non-bill-payers (also known as freeloaders). With your own hosted infrastructure you only have to make sure that you don't fill up the hard drive or place too many demands on memory and processor. With Cloud Services you need to be sure, from day one, that you will be warned if your monthly costs go above your anticipated level.

In addition you need to be sure that your costs are allocated correctly. This isn’t difficult but demands that you follow good Cloud practices right from the start.
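As an added example (not part of the original post), here is a small Python script that does the two things this section and the cost post above ask for: it finds servers missing the tags needed to attribute cost, rolls up month-to-date spend by cost centre, and projects the month-end total against a budget in the way a forecasted budget alert does. The instance records, spend figures and the AS_OF date are constructed sample data; in a real account the tags would come from boto3's describe_instances and the spend from Cost Explorer, which are assumed here rather than called so the script runs offline.

```python
# Added example, not Insperitas code: checks against the cost problems listed in
# the post above (untagged servers, bills that cannot be allocated, no early
# warning). It runs over constructed sample records; in a real account they would
# come from boto3.client("ec2").describe_instances() for the tags and from Cost
# Explorer for the spend, both assumed here and not called so the example runs offline.
import calendar
from collections import defaultdict
from datetime import date

REQUIRED_TAGS = ("Owner", "CostCentre")
AS_OF = date(2018, 2, 23)   # constructed "today" for the forecast

# Constructed sample data (not real instances): tags plus month-to-date spend in GBP.
SAMPLE_INSTANCES = [
    {"InstanceId": "i-0a1b2c3d4e5f60001", "MonthToDateGBP": 120.50,
     "Tags": {"Name": "www-1", "Owner": "web-team", "CostCentre": "CC100"}},
    {"InstanceId": "i-0a1b2c3d4e5f60002", "MonthToDateGBP": 118.20,
     "Tags": {"Name": "www-2", "Owner": "web-team", "CostCentre": "CC100"}},
    {"InstanceId": "i-0a1b2c3d4e5f60003", "MonthToDateGBP": 640.00,
     "Tags": {"Name": "etl-1", "Owner": "data-team", "CostCentre": "CC200"}},
    {"InstanceId": "i-0a1b2c3d4e5f60004", "MonthToDateGBP": 95.00,
     "Tags": {"Name": "test-box"}},                    # nobody knows whose this is
    {"InstanceId": "i-0a1b2c3d4e5f60005", "MonthToDateGBP": 210.00,
     "Tags": {"Owner": "someone"}},                    # an owner, but no cost centre
]


def find_untagged(instances, required=REQUIRED_TAGS):
    """Map each instance missing a required tag to the list of keys it lacks."""
    missing = {}
    for inst in instances:
        absent = [key for key in required if key not in inst["Tags"]]
        if absent:
            missing[inst["InstanceId"]] = absent
    return missing


def allocate_costs(instances, key="CostCentre"):
    """Sum month-to-date spend per tag value; spend with no tag lands in UNALLOCATED."""
    totals = defaultdict(float)
    for inst in instances:
        totals[inst["Tags"].get(key, "UNALLOCATED")] += inst["MonthToDateGBP"]
    return {k: round(v, 2) for k, v in totals.items()}


def project_month_end(spend_to_date, today):
    """Straight-line forecast of the full month from spend so far (what a
    forecasted budget alert does)."""
    days_in_month = calendar.monthrange(today.year, today.month)[1]
    return spend_to_date * days_in_month / today.day


def budget_alerts(instances, budget_gbp, today, warn_at=0.8):
    """Return alert strings: actual spend past warn_at of the budget, or a
    forecast that overshoots it. An empty list means nothing to worry about."""
    spent = sum(inst["MonthToDateGBP"] for inst in instances)
    forecast = project_month_end(spent, today)
    alerts = []
    if spent >= warn_at * budget_gbp:
        alerts.append(f"ACTUAL {spent:.2f} GBP is {spent / budget_gbp:.0%} of the {budget_gbp:.0f} GBP budget")
    if forecast > budget_gbp:
        alerts.append(f"FORECAST {forecast:.2f} GBP at month end exceeds the {budget_gbp:.0f} GBP budget")
    return alerts


if __name__ == "__main__":
    print("Untagged:", find_untagged(SAMPLE_INSTANCES))
    print("By cost centre:", allocate_costs(SAMPLE_INSTANCES))
    for line in budget_alerts(SAMPLE_INSTANCES, budget_gbp=1200, today=AS_OF):
        print(line)
```

Run daily from a scheduled job, the untagged list is what you chase owners with, the allocation is what goes to finance, and the alerts are what should reach a person before the invoice does.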

Security

When I set up one of my first Cloud servers I was a little surprised to find out a week later that a virus had been installed on it. I had left a port open to the server, which could have been disastrous. These days, whenever I build any service online, I start by ensuring that it is secure. This isn't complicated, but it is necessary.

For a FREE assessment type code 1709FREE into the “Message” bar on our Contact page

Leave a message

So today I am delighted to announce that Insperitas can now take your messages despite being hosted as static pages on S3. <Fanfare>

When the contact form is completed and you hit Send, your browser collects your data and sends it to AWS API Gateway; AWS Lambda then writes it into S3. If this doesn't work well for your specific browser please let me know. You can still email via your normal method to contact@insperitas.com.
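Added example, not the code running on the Insperitas site: a Python Lambda handler of the shape described above, receiving the form POST from API Gateway and writing it to S3. The field names, length limits, bucket name, key prefix and allowed browser origin are all assumptions. Because the site itself is served from S3, the handler assumes a separate private bucket for messages, so a visitor's message can never be served back as a public page. The S3 client is injected so the handler can be exercised offline with the in-memory stub at the bottom; in Lambda you would pass boto3.client("s3").

```python
# Added example, not the Insperitas site's own code: a Lambda handler of the shape
# the post describes. API Gateway (Lambda proxy integration) hands the form POST to
# lambda_handler, which validates it and writes one JSON object to S3. The field
# names, size limits, bucket, prefix and allowed origin are assumptions.
import json
import re
import uuid
from datetime import datetime, timezone

# Assumed: a private bucket separate from the public website bucket, so a visitor's
# message can never be served back out as static content.
MESSAGES_BUCKET = "insperitas-contact-messages"   # hypothetical name
MESSAGES_PREFIX = "inbox/"
ALLOWED_ORIGIN = "https://www.insperitas.com"      # assumed site origin for CORS
MAX_BODY_BYTES = 16 * 1024
MAX_LENGTHS = {"name": 100, "email": 254, "message": 4000}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


class ValidationError(ValueError):
    """Any request the real form could not have produced."""


def parse_and_validate(body):
    """Parse the raw request body and return only the expected, bounded fields."""
    if not body or len(body.encode("utf-8")) > MAX_BODY_BYTES:
        raise ValidationError("body missing or too large")
    try:
        data = json.loads(body)
    except ValueError:
        raise ValidationError("body is not valid JSON")
    if not isinstance(data, dict):
        raise ValidationError("body must be a JSON object")
    clean = {}
    for field, limit in MAX_LENGTHS.items():
        value = data.get(field)
        if not isinstance(value, str) or not value.strip():
            raise ValidationError(f"{field} is required")
        if len(value.strip()) > limit:
            raise ValidationError(f"{field} is longer than {limit} characters")
        clean[field] = value.strip()
    # Name and address would become headers if the message is ever forwarded by
    # email, so refuse control characters there; the message body may have newlines.
    for field in ("name", "email"):
        if any(ord(c) < 32 for c in clean[field]):
            raise ValidationError(f"{field} contains control characters")
    if not EMAIL_RE.match(clean["email"]):
        raise ValidationError("email address is not valid")
    return clean


def store_message(s3, fields):
    """Write the message as one JSON object under a date prefix; return its key."""
    now = datetime.now(timezone.utc)
    key = f"{MESSAGES_PREFIX}{now:%Y/%m/%d}/{uuid.uuid4()}.json"
    record = dict(fields, received_at=now.isoformat())
    s3.put_object(Bucket=MESSAGES_BUCKET, Key=key,
                  Body=json.dumps(record).encode("utf-8"),
                  ContentType="application/json",
                  ServerSideEncryption="AES256")   # SSE-S3 at rest
    return key


def _response(status, payload):
    headers = {"Content-Type": "application/json",
               "Access-Control-Allow-Origin": ALLOWED_ORIGIN}
    return {"statusCode": status, "headers": headers, "body": json.dumps(payload)}


def lambda_handler(event, context, s3=None):
    """API Gateway entry point. `s3` is injectable so the handler runs offline."""
    if s3 is None:
        import boto3   # present in the Lambda runtime; not needed for the offline demo
        s3 = boto3.client("s3")
    if event.get("httpMethod", "POST") != "POST":
        return _response(405, {"error": "method not allowed"})
    try:
        fields = parse_and_validate(event.get("body"))
    except ValidationError as exc:
        return _response(400, {"error": str(exc)})
    store_message(s3, fields)
    return _response(200, {"ok": True})   # confirm receipt, echo nothing back


class MemoryS3:
    """Offline stand-in for boto3's S3 client, used only to demonstrate the handler."""
    def __init__(self):
        self.objects = {}

    def put_object(self, Bucket, Key, Body, **kwargs):
        self.objects[(Bucket, Key)] = Body
        return {"ResponseMetadata": {"HTTPStatusCode": 200}}


# Constructed sample event in API Gateway's proxy format (not a real capture).
SAMPLE_EVENT = {"httpMethod": "POST",
                "body": json.dumps({"name": "Ada Lovelace", "email": "ada@example.com",
                                    "message": "Hello from the contact form"})}
```

The checks worth copying are the size cap before json.loads, the per-field length limits, the refusal of control characters in the fields that might later end up in an email header, and the response that confirms receipt without echoing the stored key or the message back to the browser.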

Contact Page

Some Worthy Credits

I want to take a few minutes to thank the authors and developers whose code I used or whose direction I followed to get this Insperitas site to where it is today. I can't possibly mention every name, as I scoured the internet for clues when things went wrong and spent hours on Stack Overflow. 🙂

For the contact form: thanks to Collins Abonghama https://www.sitepoint.com/build-your-own-wordpress-contact-form-plugin-in-5-minutes/

For the Lambda suggestions along with API Gateway I have to thank David Maple https://www.codeengine.com/articles/process-form-aws-api-gateway-lambda/

For form building I followed TGroshon at CodeHabitude https://codehabitude.com/2016/04/05/forms-to-emails-using-aws-lambda-api-gateway/ and also Matt West, whose work is posted at https://blog.teamtreehouse.com/create-ajax-contact-form

Also I had some help from my good friend Tim Fuller https://www.linkedin.com/in/tim-fuller-788a2421/ Since I am not a natural developer I needed considerable syntax troubleshooting help.

Of course I also need to thank all the people I have worked on Cloud Solutions with over the course of the past few years at HSBC, FlyBe and Odeon. There are some great minds out there building some incredible solutions.

There are a number of trainers too, at AWS, Google and Red Hat, who have helped enormously. Having run a number of training courses myself, it's easy to spot the professionalism.