At first glance, governance may seem out of place here on the Code Matters tech blog for developers. This is a topic that mostly concerned operations in the past and had little to do with coding or the applications themselves. That said, SQL injections were opening up vulnerabilities in web sites and databases as far back as the late 90’s so the need to ensure developers play a part in mitigating the risks introduced by poor or sloppy code is nothing new.
The seriousness and cost of data breaches has escalated in recent years and is about to be elevated to an even greater degree by the EU’s General Data Protection Regulation (GDPR). This new legislation will impose huge fines on companies falling foul of security breaches, and this changes the game massively. Governance and security now need to be factored into every part of the IT estate including the applications themselves. This has become an integral aspect of systems modernisation and therefore part of a developer’s remit.
GDPR will take effect in the UK from May 25th, 2018. It’s a framework of regulations and similar matters most developers probably wish would go away. It might seem like a lot of red tape, but at the end of the day it’s about protecting us as individuals in a digital world where we all rely heavily on IT systems. The UK government has confirmed it will adopt the regulation regardless of Brexit, so it’s here to stay and we need to take it seriously.
The Information Commissioner’s Office (ICO) is the UK’s independent body that oversees our information rights and their web site provides a lot of useful and generally succinct detail on the subject. This is the page that summarises GDPR.
In the broader sense, governance isn’t just about protecting customers’ data by keeping hackers away. The systems need to be robust, reliable and compliant in all respects to be certain of fulfilling regulatory requirements.
We should be looking at all the components of our IT to identify anything that could compromise the reliability and security of the data. Though not strictly part of GDPR, this should include the identification of any code that is being used illegally such as open source that flouts the rules of the General Public Licence (GPL). In the event of an audit, anything that could pull the plug on parts of your IT is not only a threat to your business, it puts your customers at risk and potentially the integrity of the data you hold about them.
I mentioned SQL injections at the beginning of this blog. These are still a major source of security breaches some 20 years after they first appeared, as hackers continue to exploit code and design vulnerabilities to gain access to data. GDPR is a bit like health and safety regulations in the workplace: it places responsibility on all of us but exists for our benefit, as my colleague Alanna will be explaining in a follow-up blog shortly. I will also be taking a deeper dive into the more ‘codeworthy’ aspects of governance with news of products, articles and events that deal with the topic from a DevOps and developer’s perspective.
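As an added illustration of the developer’s part in this (example code written for this post, not a product or library mentioned here), the two ways a query can be built from user input, side by side. The table, rows and names are constructed sample data; the point is that in the first version the database parser sees whatever the user typed, while in the second the SQL text is fixed and the value is bound as a parameter. A legitimate name containing an apostrophe is enough to show the difference: it breaks the spliced query but is handled correctly by the parameterised one.

```python
"""
Added example (not from the original post): string-spliced SQL beside a
parameterised query, run against an in-memory SQLite database with
constructed sample rows.
"""
import sqlite3


def make_db():
    # Constructed sample data; any names and addresses will do.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (name, email) VALUES (?, ?)",
        [
            ("Alice Smith", "alice@example.invalid"),
            ("Dermot O'Brien", "dermot@example.invalid"),
        ],
    )
    return conn


def find_by_name_unsafe(conn, name):
    # Vulnerable pattern: the user's input is spliced into the statement text,
    # so the database parser interprets it as SQL rather than as a value.
    sql = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_by_name_safe(conn, name):
    # Mitigated pattern: the statement text is constant and the value is bound
    # by the driver, so it can never change the shape of the query.
    sql = "SELECT name, email FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo(name):
    """Run both lookups for one input and return (unsafe_result, safe_result).

    The unsafe result is the list of rows, or an 'error: ...' string when the
    spliced input made the statement unparseable.
    """
    conn = make_db()
    try:
        unsafe = find_by_name_unsafe(conn, name)
    except sqlite3.Error as exc:
        unsafe = "error: " + str(exc)
    safe = find_by_name_safe(conn, name)
    conn.close()
    return unsafe, safe


if __name__ == "__main__":
    for candidate in ("Alice Smith", "Dermot O'Brien"):
        unsafe, safe = demo(candidate)
        print(repr(candidate), "unsafe ->", unsafe)
        print(repr(candidate), "safe   ->", safe)
```

The same applies whatever the driver: every mainstream database library exposes parameter binding, and code review or a linter rule that flags string concatenation into `execute` calls is a cheap, auditable control to put in place.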
A number of vendors provide solutions that assist with governance and this showcase will help you explore some of these. It introduces products and services that cover network security, data protection, identity management, backup and DR – all of which play a part in GDPR compliance.
For further assistance please call us on +44 (0)1364 655123, email: firstname.lastname@example.org or Live Chat today for further guidance.