Mainframe Concerns as CIOs Struggle with GDPR Plans

Over two-thirds of European and US CIOs (68%) still don’t have a proper plan in place to comply with the coming European General Data Protection Regulation (GDPR), especially when it comes to the mainframe, according to Compuware.

The software company polled CIOs across France, Germany, Italy, Spain, the UK and the US to check their readiness for the major new regulation, which will introduce new requirements such as the “right to be forgotten” and strict new penalties for non-compliance.

Only half (52%) said they’d be able to comply with the right to be forgotten effectively, and not many more (55%) claimed to be well briefed on the GDPR and its anticipated impact.

Knowing where data resides is a key early step on the road to compliance, but nearly a third (30%) said they couldn’t guarantee they’d be able to find an individual’s personal data at all, and over half (53%) said it’s particularly difficult to know where test data has gone.

Other factors complicating compliance are outsourcers and mobile tech – which makes it harder to track data – growing IT complexity, and the rapid development of new enterprise apps.

Compuware’s EMEA technical director, Elizabeth Maxwell, told Infosecurity the mainframe will provide particular challenges, likening it to a rabbit warren created over the past 50 years.

“As we move around the warren we can touch the same chambers (data) but from a multitude of different passages; as your business grows, you create new passages. So there is an incredibly complex web of interdependencies that has been built up between mainframe data as it is transferred between databases for use in the full variety of business processes, systems and services that draw on it today,” she explained.

“This makes it very difficult to trace every instance where a customer’s data appears within your systems, unless you have the specialist skills needed to work on the mainframe; but, personally, I don’t know of any rabbits working this system consistently for the past 50 years. As such, many businesses simply don’t have the ability to maintain a complete picture of all the data they have, or where it is.”

Maxwell urged any organization that uses customer data to test mainframe apps to ensure it anonymizes that data first. She added that CIOs should look to tool up with data discovery and visualization tech that will help teams without specialist knowledge overcome complexity.

“For example, modern visualization techniques can ease the burden significantly, by providing IT teams with an interactive map of where all their data resides, rather than forcing them to decipher complex mainframe code and documentation,” Maxwell added.
