The European Union’s General Data Protection Regulation (GDPR) puts stringent rules on the processing of personal data relating to individuals in the EU by companies and organizations across the globe, and can have a major impact on a company’s data management and storage environment. Compliance with GDPR involves classifying, protecting, and keeping track of Personally Identifiable Information (PII) of EU users.
GDPR went into effect on May 25th, 2018 and impacts more than just European-based organizations. Any organization collecting data from European users must follow GDPR regardless of where the company headquarters are located. Failing to correctly manage the PII of users in the EU can result in fines of up to 4% of a company’s global annual revenue, even if European users only make up a fraction of a company’s customer base.
In compliance with GDPR, the QuantaStor SDS platform now has a Secure Log Reporting feature that ensures all user log data is scrubbed of PII before it leaves the organization for alerting, reporting, or auditing needs. OSNEXUS also complies with other security regulations including NIST, CJIS, and HIPAA in order to effectively secure user data and meet the security needs of customers.
When customers initiate log data collection from QuantaStor systems, the logs are scrubbed of any information that might be identifying, such as domain names, email addresses, file names, and password hashes. The logs are first gathered in a temporary space, and then many filters are applied to remove sensitive information based on known file formats and patterns. After the scrubbing process, the entire log bundle is encrypted for transport so that if the log bundle is intercepted, it cannot be read without the accompanying private encryption key.
Figure 1: The Send Support Log Files function in QuantaStor SDS allows you to choose the storage system source, where all logs are automatically scrubbed of PII and encrypted for transport.
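The pattern-based scrubbing step described above can be sketched as an ordered chain of filters. This is an added example, not OSNEXUS code: the regular expressions, the placeholder tokens, and the sample log lines are all assumptions constructed for illustration, and the encryption step is not shown.

```python
import re
from collections import Counter

# Order matters: a crypt(3) hash contains '/' and '.', and an e-mail address
# contains a domain name, so the more specific filters must run first.
# These patterns are illustrative assumptions, not the product's filters.
FILTERS = [
    ("HASH", re.compile(r"\$(?:1|2[abxy]?|5|6|y)\$[./A-Za-z0-9$=,]{8,}")),
    ("EMAIL", re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")),
    ("PATH", re.compile(r"(?<!\w)/(?:[\w.@-]+/)*[\w.@-]+")),
    ("DOMAIN", re.compile(r"\b(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}\b")),
]


def scrub(lines):
    """Return (scrubbed_lines, Counter of replacements per filter)."""
    counts = Counter()
    out = []
    for line in lines:
        for label, pattern in FILTERS:
            # Replace every match with a typed placeholder and tally it.
            line, n = pattern.subn(f"<{label}>", line)
            counts[label] += n
        out.append(line)
    return out, counts


# Constructed sample log lines (not real QuantaStor output).
SAMPLE = [
    "2018-05-25T10:02:11 sshd[911]: Accepted password for jdoe@corp.example.com",
    "2018-05-25T10:02:14 smbd[812]: open /export/home/jdoe/payroll-2018.xlsx denied",
    "2018-05-25T10:03:40 authsvc: shadow entry "
    "admin:$6$Zs1kQp9x$Hq0vYb3nT7uE.wL2/cR8mA5dF1gJ4kN6pS9tV0xB:17676",
    "2018-05-25T10:04:02 adjoin: joined domain corp.example.com "
    "via dc01.corp.example.com",
]

if __name__ == "__main__":
    scrubbed, counts = scrub(SAMPLE)
    print("\n".join(scrubbed))
    print(dict(counts))
```

The per-filter counts give a quick audit trail of what was removed before the bundle leaves the organization. The generic domain pattern deliberately over-matches dotted names, which errs on the side of removing too much rather than too little.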
QuantaStor Secure Log Reporting is always customer initiated and OSNEXUS keeps no customer data with PII. Logs collected before the GDPR compliance date have also been scrubbed to meet compliance requirements.
Secure Log Reporting is one of many feature enhancements of QuantaStor SDS that ensure compliance with various government security regulations. Others include Multi-factor Authentication, Role-based Access Controls, Audit Logging, and end-to-end encryption based on military grade AES 256-XTS. For more information on QuantaStor’s security features, visit osnexus.com.