Case Study Project Services

Protecting data in a complex world

Leading online news and newspaper publisher, Middle East

In brief

Challenge

  • Review data protection policy and procedures in light of GDPR
  • Mitigate risk of fines for data breaches
  • Assess maturity level of organisation in this context
  • Identify security gaps
  • Address wider and long term data security solutions

Solution

  • Deliver Cybersecurity assessment focused on GDPR issues
  • Analysis of software deployments
  • Immediate gaps secured
  • Migrate away from unsupported solutions in the near term
  • Review migration to Azure to provide enhanced cybersecurity

Background

Published in the Middle East with journalists covering the region and beyond, it is a one-stop online location for news, views, and information for the Gulf region. It is the most widely read newspaper and online site in English in the Middle East with a daily paid circulation of more than 87,000 and an online audience of 1,766,000 unique views every month.

Challenge

The news outlet deals with a vast volume of data from a wide range of international sources. As such there has been a significant challenge to insure data is kept secure following the European Union’s General Data Protection Regulation (GDPR) which took effect from May 25, 2018. GDPR legislates how organizations must handle private data from European Union citizens regardless of where in the world the organization is located. Severe fines of up to 4% of annual turnover can be imposed as a consequence of not managing privacy issues compliantly as per the GDPR regulation.

Our customer wanted to understand the maturity level of their data security policies and procedures and get recommendations as to how to deal with the gaps both from a policy and technical solutions perspective.

Solution

Halian and Microsoft initiated a Cybersecurity Assessment including a specific GDPR assessment for their business. The assessment covered inventory and software deployment data and Cybersecurity Controls mapping based on CIS’s (Center for Internet Security) global standards. An additional GDPR assessment covering the four main areas of Discover, Manage, Protect and Report and 162 questions related to those areas were assessed and considered for gaps and optimization. Deployment details for operating systems and software applications were analysed for support coverage and gaps in security patches were identified. CIS’s Security Controls (CSC) were mapped in an interview with key IT stakeholders covering all 20 CSC Controls with 146 different questions.

Outcome

The customer received a comprehensive report with the maturity level of their existing management of data according to GDPR requirements. This extended to immediate improvements in cybersecurity policies and procedures with a clear roadmap on how to improve their maturity level in the near term. They are using the recommendations from the maturity assessment as well as the insights shared in the roadmap to start implementing solutions that will allow them to reach a high degree of compliance on GDPR related issues. The business is using the tactical part of the assessment to replace old and unsupported applications and systems with more recent versions in order to ensure that all copies of software are fully supported and security patched regularly. Halian and Microsoft are now proposing support solutions, improved security software including on-premise to cloud migration services to support the customer.

“The business now has a very clear picture of what technical solutions and processes will be required for them to increase their maturity level for GDPR compliancy. They also fully understand the importance of this regulation for their business. Many other organisations in the region are unaware that failing to take adequate action could result in financial penalties of up to 4% of annual turnover being imposed by the European Union.”

Jacob Wolff, Halian Microsoft Practice Manager