Several countries and jurisdictions are increasing the protection afforded to personal information. The European Union’s General Data Protection Regulation (GDPR) is one of the most comprehensive measures worldwide to rebalance the data relationship between individuals and businesses.

The consequences for Australian businesses – of any size – that have an establishment in the European Union, offer goods and services in the European Union or monitor the behaviour of individuals in the European Union are potentially profound.

Under the GDPR data protection requirements – which came into effect on 25 May this year – businesses must meet obligations covering accountability and governance; consent; mandatory data breach notification; expanded rights for individuals; privacy notices; expanded rights for individuals; data control and processing; and overseas transfers of personal data.

For example, as a brief from the Office of the Australian Information Commissioner points out,  ‘data controllers’ – typically businesses or organisations that decide why and how data should be processed – must advise supervisory authorities within 72 hours of becoming aware of a breach (unless the breach is unlikely to result in a high risk to individuals’ rights and freedoms).

If a data breach is likely to result in a high risk to the rights and freedoms of ‘natural persons’, the data controller needs to notify the individual without undue delay – unless exceptions to this notification requirement apply.

Affected businesses also need to be aware the GDPR gives individuals the right to require data controllers to delete their data in some circumstances – including when the information is no longer necessary for the purpose it was collected, or where the individual withdraws their consent and there is no other legal ground for processing their data.

The penalties for non-compliance are severe – many contraventions can attract fines of up to €20 million or 4% of annual worldwide turnover. For organisations that do business in the European Union and have not fully accounted for GDPR, the message is clear: review data management and control practices against GDPR requirements and, where required, take remedial action as quickly as possible. Talk to Neil or the FirstWave team today on +61 2 9409 7000 to discuss your GDPR requirements.

Before implementing Open-AudIT in his organisation, Software and hardware audits were a loathed activity for Neil and his IT Team.  The company was growing fast and undergoing a lot of mergers and acquisitions (M&A) – great for the bottom line but a nightmare for the IT team who were responsible for keeping track of the Hardware and Software assets owned by the business.

Every year the team would break out the excel spreadsheets that held the asset register to review the age, warranty status and software licenses and versions for all of the devices in the company. Every year there were gaps, anomalies and errors in record keeping that required manual rectification, diverting resources away from customer and product support, until the audit was complete. This often resulted in unexpected licensing costs where usage of software had been under-budgeted in the organisation.

Auditors were the enemy – until Neil stumbled upon a recommendation for a great tool, that would discover and audit everything on a corporate network – turning auditing visits, from an interrogation of records into an exploration of data.

Neil got started on the free version and soon discovered that there were some substantial benefits to having a real-time asset register like Open-AudIT, especially when the team transitioned away from fire-fighting and started becoming more proactive.

He found that he was able to better support his help desk team, who could now quickly identify any device and it’s hardware and software components through customisable dashboards, aiding in quicker resolution of IT issues.

His security team were also impressed, with security vulnerabilities such as file permission changes and unexpected new files were summarised in a scheduled report, helping the team to mitigate risks in a time-bound manner.

The increased visibility into hardware and software, allowed the IT department to save money on their software licenses because they could see at a glance where they were oversubscribed for a product and could negotiate better contracts as the demand for software in the growing company increased.

Auditors were also impressed to see that software assets that were being licensed and hosted from cloud servers like Amazon and Azure were also viewable and reportable from within the application, giving a complete view of the full extent of software assets deployed across the business.

If you would like to understand more about how to work with your auditors to increase performance and reduce costs within your IT team, get in touch with one of our engineers today.  We offer 30 days of free support to anyone trialling Open-AudIT Professional or Enterprise.

An industry partner told me recently about a horror story that could occur to anyone operating in a hybrid network environment. One of their former employees had an EC2 instance they had spun up for testing purposes and paid the initial fees with Amazon credits, something most of us would have done. This staff member, however, left the company and did not inform them of the instance. Fast forward two years and there was a substantial bill that was directed to this company.

There are a lot of advantages for creating a hybrid network environment, but stories like this are commonplace when they shouldn’t be. The issue with the above problem is there was poor business asset visibility, the company didn’t know about assets it had control over and this creates vulnerabilities, security or financial. Turning this liability into an asset can be a simple, cost-effective project for teams of any size.

If you would like to try these features in your test environment, just register here!

The Skyhooks were a band famous in Australia who had a 1970’s hit ‘Ego is not a dirty word’.

Although not related at all to IT Auditing, the negative stigma is translatable from ego to audits.
There are several reasons that organizations can dread an audit. However, they all share a common cause, the fear of the unknown.
What have I missed? Did I do this right? What if this happened?
Proactive organisations, however, do not dread audits, they use the process to add value to their organisations. This shift in focus is what continually helps them excel; prevention is always better than cure.

Do you rely on manual processes to address auditor requests?

If you answer yes to this then you are already on the back foot, most common audit requirements can be scheduled and accomplished automatically. This process automation is easily configured while the cost of the software is less than the personnel hours that would have been required for the same task. Automatically generating reports that consider change management or access security is straightforward using software such as Open-AudIT and opConfig.

The evolution of technology has forced organizations to comply with technical auditing, even if they don’t identify as high-tech companies. It is business critical to get these processes right; any recent data breach can be easily recalled, no one remembers a company executing a successful audit.  Successful audits occur when there is an understanding of the internal IT procedures and operations of your network.

The Internet of Things (IoT) is already revolutionizing the way key industries do business, and the benefits are only set to increase over coming decades as IoT technologies are further adopted. According to Australia’s IoT Opportunity: Driving Future Growth – An ACS Report, with regards to the construction, mining, healthcare, manufacturing and agriculture sectors, which represent 25% of Australia’s GDP, IoT technologies have the potential to achieve annual benefits of A$194-308 billion over a period of 8-18 years. That is an average productivity improvement of 2% per annum.

Let’s take a closer look at how IoT is set to revolutionize these key Australian industries.

Construction

The construction industry is set to benefit up to $96billion over coming decades due to increases in productivity resulting from IoT. Technologies such as Building Information Modelling (BIM), sensors, automation, and 3D printing are all set to have an increased presence in construction sites of the future.

Manufacturing

The predicted benefits for the Australian manufacturing industry over coming decades are up to $88 billion, despite the industry already being the most advanced regarding IoT adoption. Factories of the future may be remotely controlled and even connected allowing for real-time supply chain management. There will also be the increased adoption of sensor technology for monitoring and maintenance.

Healthcare

The healthcare industry could reap benefits of up to $68 billion in the coming decades as it takes advantage of IoT technology. ‘Smart Hospitals’ are the future, where service is more personalized and technologies such as 3D printing, robotics, nanotechnology and genetic coding are employed. Additionally, the use of wearable technologies by patients will reduce the number of visits to their GP and allow for remote access to real-time data.

Mining

Benefits of up to $34 billion could be achieved in coming decades by the mining industry as it adopts IoT technology. Sensors providing real-time visualizations of data and collaboration, and also the use of autonomous vehicles will increase the productivity of the sector, and are already employed by industry leaders.

Agriculture, Forestry, and Fishing

‘Smart farms’ are set to offer farmers increased yields are lower costs, with annual predicted benefits of up to $22 billion. Increased productivity will be the result of technologies including autonomous vehicles, sensors for crops, tracking on livestock, automation, and drones.

The five industries discussed are predicted to reap the significant benefits from IoT. However, they do not represent the limits of the reach of IoT technologies. While at its core IoT is a simple connected device, the broader impact of IoT technologies is an economic and social good, whereby there are not only improvements to capabilities and productivity, but more broadly improvements to everyday life and the planet.