Skip to main content

 

Splunk Lantern

Using Splunk Enterprise Security to ensure GDPR compliance

 

The digitalization of nearly all information that people interact with impacts all businesses, from large corporate enterprises to small-scale store fronts. This trend has forced improvements to common data collection processes, but it has also presented many new challenges, especially in the data security arena. The larger the volume of data collected, the greater the risk of a security breach. For this reason, the security of sensitive data and accountability for those that handle it has become one of the most critical priorities for organizations subject to compliance regulations. Splunk Enterprise Security can help by making it easy to implement compliance-based use cases in data security, monitoring, and alerting.

This article is part of Splunk's Use Case Explorer for Security, which is designed to help you identify and implement prescriptive use cases that drive incremental business value. In the Security maturity journey described in the Use Case Explorer, this article is part of Compliance.

What is GDPR?

The General Data Protection Regulation (GDPR) is Europe’s framework for protecting security and privacy for Personally Identifiable Information (PII). GDPR was introduced in May 2018, and it applies to any legal entity which stores, controls or processes personal data for EU citizens. It focuses on two different categories of data:

  1. Personal data, such as an IP address or username
  2. Sensitive personal data, such as biometric or genetic data.

You can use Splunk Enterprise Security use cases to manage GDPR for in-scope systems to ensure compliance. GDPR permits retaining data for “legitimate interest” (as per article 6) which may allow the retention of log files for security purposes. 

Some questions you might have about using Splunk Enterprise Security for GDPR compliance include:

  • How do I design data protection in Splunk Enterprise Security?
  • How can I detect threats that can lead to data breach?
  • How do I ensure we have visibility into our data?
  • How do I make sure proper authorization is being used?

Because GDPR is a comprehensive regulation, there are many steps you need to take to ensure and maintain compliance. Implementing value-driven use cases in your Splunk Enterprise Security environment benefits your business significantly in meeting the requirements of GDPR.

{es}} provides investigative capabilities, threat detection, compliance reports, data management, and alerting of anomalies. Splunk Enterprise Security also helps your business in many other areas of data security, such as data collection, normalization, and storage to automatically demonstrate compliance. 

Value-added use case solutions

Compliance with GDPR without proper visibility creates unacceptable risk gaps, as well as loss of time and resources. If you know the use cases that you can benefit from, you can more easily organize and focus your resources to properly address the true gaps in your security posture.

Some of the use cases that you can use in Splunk Enterprise Security to ensure GDPR compliance are:

Protecting data

Your business should adopt data security in all technical processes of your organization, as well as within the products, services, and applications you implement. Data owners need to know that only necessary data is collected within the organization, and it is collected and stored in specific secure steps. Splunk Enterprise Security monitors the security posture at every layer of your organization and analyzes possible problems as they arise. Your business can ensure that data owners feel safe under all circumstances while complying with GDPR standards.

Monitoring threats that can cause data breaches

It's a requirement under GDPR that within 72 hours after detecting a data breach, a detailed and descriptive notification to the authorities must be made and necessary recovery measures taken by your business. Fast, efficient, and effective actions are required to protect against possible data breaches. Splunk Enterprise Security can perform behavioral analysis of users who persistently try and fail to access data. These records, like usernames, IP addresses, and movements of these users, can be quickly reported and monitored by the SOC, helping security teams to prevent security incidents before they happen.

Ensuring data is visible but not exposed

As a data analytics solution, Splunk Enterprise Security enables information visibility and makes data available for searching and documentation. GDPR principles require that data be stored on behalf of data owners in a protected and traceable manner. When you use Splunk Enterprise Security for GDPR procedures, you don't have to worry about data being accessible or transparent where it should not be.

GDPR stresses the need for data protection by "design and default" (as per article 25) through measures such as data pseudonymization, tokenization, encryption, and minimization. Importantly, GDPR gives EU residents the right to ask (as per article 15) for a copy of any personal data of theirs that an organization might be holding or using, and to request prompt rectification of any incorrect information.

Next steps 

Overall, Splunk Enterprise Security can be a valuable tool when safeguarding data within your organization. While any SIEM product is not an end-all solution for being GDPR compliant, such tools can help to address some of the requirements for appropriate technical and security controls under GDPR. To do more with Splunk Enterprise Security, try the use case Detecting Personally Identifiable Information in log data.

Still having trouble? Splunk has many resources available to help get you back on track. We recommend the following: