Whitepaper: Shaping the Future of Business

The pandemic changed many things. What we knew as business as usual until March 2020 has been business unusual ever since. And sadly, the impact of COVID-19 will continue to be felt for quite some time.

We can see how traditional business models are now shifting toward a digital model with innovative technologies that allow them to both survive in the unstable market and then thrive thanks to the gained agility.

In our whitepaper “Shaping the Future of Business” we explore how digital transformation helps businesses mitigate the effects of a crisis, as well as why the Cloud – the foundation of many such digital initiatives – is the future of business, regardless of the industry.

Get your copy of the whitepaper to learn about the role of Cloud Computing in digital transformation, and why the Cloud is worth the struggle during a crisis.

This paper is dedicated to all business leaders that want to understand how digital transformation can help their business mitigate the effects of a crisis situation, as well as why the cloud, the foundation of such digital initiatives, is the future of business.

The Cloud isn’t a big scary thing that will ruin your business

A free event for technical decision-makers, department managers, team leads, cloud architects, project managers and senior IT professionals (system engineers and developers). 

How it all began

Nearly four years ago, we were having an internal discussion on the Cloud and its impact on day to day business activities. That discussion soon led to an idea of building a conference designed entirely to address that very topic. It didn’t take long to mobilize the team (this is where years of hosting and managing tens of events and conferences helped a lot), so in late 2017 we already had the first edition of the Cloud Conference.

We contacted partners, customers, and the media, we put together a first stellar speaker line-up, and got things off the ground. We felt Bucharest was the best spot for this, and we went along with it.

Focus on Digital Transformation 

This year, at its 4th edition, we’re already looking at an event that has evolved quite a lot. While we’ve mostly kept a similar format (one day, two tracks, 10+ business & technical sessions delivered by industry experts), the focus of the topics has shifted to address the growth in Cloud adoption and expertise in the market.

A lot more companies are already finding themselves involved in digital transformation and Cloud migration initiatives and are looking for concrete references, best practices, and guidelines.

Throughout the years, we witnessed the Romanian market’s evolution, as it’s becoming more and more mature, which brings challenges that are far more complex and detailed than we saw a few years back.

It’s no secret that Avaelgo’s primary focus for the past years has revolved around Microsoft’s Cloud solutions (Azure, Office 365, Microsoft 365). Even back in 2017, we saw a lot of interest in the market towards Cloud migrations and Cloud strategy initiatives.

But at the same time, we also saw a lot of confusion.

A common thing we noticed when discussing with customers was the lack of a proper grasp on what moving to the Cloud entails. Coherent Digital Transformation initiatives were few and far between, and clear Cloud strategies were even more scarce. We felt the market (and especially customers taking their first steps towards the Cloud) needed better guidance, stability, and proven track records on complex Cloud projects.

We were in the right position, and had the right partners, to be able to deliver just that.

That’s what the vision behind the Cloud Conference is all about: a way for us and our team of excellent partners to show that the Cloud is not a big scary thing that will run amok and wreck all your carefully budgeted costs and plans.

Tudor Damian

CIO & Partner, AVAELGO

In many ways, the Cloud, just like Machine Learning and AI, will transform the industries similarly to how PCs and the Internet impacted them 25-30 years ago.

And whether you’re willing to accept it or not – how you deal with the Cloud today could have a significant impact on how your company will be able to address tomorrow’s challenges and opportunities.

Looking back at the previous three editions (2017, 2018, 2019), I feel we’ve delivered on that vision so far.

Over the years, we’ve focused on providing access to Cloud experts, companies sharing their success stories, we’ve delivered compelling breakout sessions and post-conference workshops, and we’ve helped companies better define their strategy to move to the Cloud.

What to expect @ Cloud Conference

The Cloud Conference has generally delivered two types of content, as we found both to be incredibly relevant.

One side is more focused on the business side of things (governance, cost management, strategy), and the other delves deeper into some of the more technical aspects of Cloud (strategy, migration, onboarding, and day-to-day management).

We mixed all of this with partners’ success stories, specific scenarios and solutions, learning, and networking opportunities.

All we do is show people that the Cloud is something you can keep under control, and even more so, it’s something that can transform and empower your entire organization.

Tudor Damian

CIO & Partner, AVAELGO

A few years ago, we were looking at companies who were still asking themselves whether the Cloud is a good idea, trying to find out how privacy and data protection were addressed in a Cloud environment, and attempting to figure out the best deployment and migration strategies. Next, the focus shifted to defining an end-to-end approach for Cloud migration and governance, hybrid deployments, DevOps, and containers. Last year, we saw topics focusing on specific industry verticals, PaaS, SQL hybrid, and cybersecurity. And we’re planning to step things up even further this year, with an even more compelling set of technical sessions, business best practices, and case studies.

Join the Cloud movement

So, if you feel like the Cloud is something that is (or will probably be) affecting your company, make sure you don’t miss out on what we’ve got in store for you this year – you can find all the details (speakers, schedule, venue) on cloudconference.ro – so go ahead and save the date (September 30th) right now!

The Cloud is a place where security, data governance, transparency, and trust are crucial elements.

Tudor Damian

CIO & Partner, AVAELGO

Cloud Strategy for Your Organization: Peace of Mind (as a Service)

Mihai Tataran
General Manager & Partner, Avaelgo
Microsoft Regional Director & Azure MVP

Before we begin

This article comes as a continuation of the previous ones in the series called “Cloud Strategy for Your Organization” and focuses on the last of the steps we usually take with our customers who migrate to the Cloud.

Now we will focus more on getting the peace of mind while the workloads are running on Azure.

We will discuss what Managed Services on Azure and Microsoft 365 technically mean, and what a managed services provider or an internal IT operations (DevOps, IT) team should do proactively, focusing on aspects like:

  • Azure governance,
  • cost control,
  • security,
  • efficiency.

Why Peace of Mind?

The real question is:

While your solutions are running in Azure, is there anything you should be doing for your peace of mind?

One could think – “Isn’t the Cloud supposed to (maybe magically) take care of my software solution out of the box?”

The simple answer is that, while the Cloud offers us a lot of technology which makes IT operations much easier, especially under the Platform as a Service (PaaS) and Serverless offerings, it doesn’t mean that we don’t have to do anything anymore.

During our interactions with large organizations that we’ve helped in the past years to migrate to the Microsoft Cloud (Azure and Microsoft 365), we have discovered the best practices needed for good maintenance.

We have built those best practices into a set of services that we call “Peace of Mind (as a Service)”, which includes proactive and reactive measures. In this article, I will discuss the proactive actions we usually take. The reactive actions I am referring to are the usual SLA-based support activities any managed services provider or IT team already knows about.

Those proactive best practices and actions are grouped into 5 different categories:

  • Access and Users Experience
  • Analytics and Monitoring
  • Governance and Security
  • Performance and Cost Optimizations
  • Feature Usage and Roadmap

Further on, we will explore a few of them.

Access and Users Experience

There isn’t much to say here since the title is quite self-explanatory. What is worth mentioning is that there are specific techniques and tools related to authentication and authorization in Azure and Microsoft 365, which should be used properly to get the maximum benefits in a lot of areas, not only security but also cost control and monitoring for example.

This category of actions deals with:

  • Role Based Access Control
    This is how authorization on Azure resources, Resource Groups and Subscriptions should be done. One should make sure the right people or groups (from Azure Active Directory) have the right access to the right grouping of resources. This can have a tremendous impact not only on security, but also on the organization of resources (avoiding chaos, like a person without the right access being able to delete a resource), and on cost control (restricting people who should not be able to create resources in a certain Subscription).
  • Multi-Factor Authentication
  • Policies
    Enforce some conditional access policies, e.g. enforce MFA for some users.
  • etc.

This list is not exhaustive; it is just a glimpse.
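One way to check the "right people, right access, right grouping" rule for Role Based Access Control, as an added example (not Avaelgo's tooling): the script reviews role assignments in the shape returned by `az role assignment list --all -o json` and flags privileged roles that are granted directly to users or at a broad scope. The sample records, the subscription ID and the choice of which roles count as privileged are assumptions made for the illustration.

```python
# Constructed sample in the shape of `az role assignment list --all -o json`
# (only the fields used below; every name and ID here is made up).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"
SAMPLE_ASSIGNMENTS = [
    {"principalName": "ops-admins", "principalType": "Group",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "alice@example.com", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "bob@example.com", "principalType": "User",
     "roleDefinitionName": "Contributor",
     "scope": SUB + "/resourceGroups/rg-shop-prod"},
    {"principalName": "ci-deployer", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Contributor",
     "scope": "/providers/Microsoft.Management/managementGroups/mg-corp"},
    {"principalName": "carol@example.com", "principalType": "User",
     "roleDefinitionName": "Reader", "scope": SUB},
]

# Assumption: built-in roles that can create, delete or re-delegate resources.
PRIVILEGED_ROLES = {"Owner", "Contributor", "User Access Administrator"}
BROAD_LEVELS = {"root", "management-group", "subscription"}


def scope_level(scope):
    """Classify an ARM scope string by how much of the tenant it covers."""
    if scope == "/":
        return "root"
    parts = [p for p in scope.split("/") if p]
    lowered = [p.lower() for p in parts]
    if "managementgroups" in lowered:
        return "management-group"
    if lowered[:1] == ["subscriptions"]:
        if len(parts) == 2:
            return "subscription"
        if len(parts) == 4 and lowered[2] == "resourcegroups":
            return "resource-group"
        return "resource"
    return "unknown"


def audit(assignments):
    """Return one finding per privileged assignment that deserves a review."""
    findings = []
    for item in assignments:
        if item["roleDefinitionName"] not in PRIVILEGED_ROLES:
            continue
        level = scope_level(item["scope"])
        reasons = []
        if item["principalType"] == "User":
            reasons.append("granted to an individual user, not a group")
        if level in BROAD_LEVELS:
            reasons.append("granted at " + level + " scope")
        if not reasons:
            continue
        findings.append({
            "principal": item["principalName"],
            "role": item["roleDefinitionName"],
            "level": level,
            # Both problems at once is the combination to fix first.
            "severity": "high" if len(reasons) == 2 else "review",
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_ASSIGNMENTS):
        print(finding["severity"], finding["principal"], finding["role"],
              "; ".join(finding["reasons"]))
```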

Governance and Cost optimizations

In general, governance can mean a lot of things, but we are thinking mainly of:

  • Resources organization
  • Resources security
  • Auditing
  • Cost control and optimization

For resources organization, we have to start from understanding the relationships between Tenants, Subscriptions and Resources:

A customer with an Office 365 tenant (domain) will have an associated Azure Active Directory, and an associated Azure tenant. The directory in Azure is the same as the directory in Office 365: Azure AD. All the other Office 365 services (Exchange Online, SharePoint Online, etc.) are using Azure AD for authentication and authorization.

An Azure Subscription is usually a cost center or part of a cost center (in a larger grouping of Subscriptions). There is also a way to group more Subscriptions in a Management Group, for even better organization.

Why is this grouping of resources relevant? Because you can apply your governance conditions, for example using Azure Policies, at the scope that you choose: at a Management Group, or Subscription, or Resource Group. An example would be to limit the types of VMs that can be created in a Management Group (a collection of Subscriptions). Or to limit the VMs in a Subscription to a specific Azure region.

Another advantage of sound grouping of resources is managing cost. First, you will be able to know your costs grouped by:

  • Cost centers (e.g. Subscriptions or Management Groups)
  • Resource Groups: usually, a Resource Group contains the resources which together make up a solution (with the exception, of course, of a solution that uses resources that might be shared with other resources).
  • Type of resources, for example, resources used for testing, or by a certain user.

So cost control is crucial, especially in a pay-as-you-go type of Azure consumption. And it starts with proper allocation and grouping of resources.

Another thing is cost optimization. It can be done through a combination of, at least:

  • Policies
  • Alerts
  • Specific features like Azure Automation, DevTest Labs
  • Autoscaling

Policies

Set up Policies such as allowed VM types, or allowed resource types in general. They can be applied per Resource Group, Subscription, or Management Group.

Alerts

You can configure Azure alerts (from the Azure portal) like:

  • When a costly (you define what costly means for you) resource is created.
  • Showing orphaned resources – in combination with some custom code done with Azure Functions or Azure Automation. This is a very typical cost drain: expensive resources which are not being used anymore.
  • etc.

Or you can define cost/budget related alerts, such as when you’ve reached a spending limit, per resource group or per resource type.

Autoscaling

You can easily define autoscaling rules, so the infrastructure needed by your solution scales up or down, exactly as needed. Autoscaling can be applied easily (from the Portal or through scripting) for many compute resources (VM Scale Sets, Web Apps, etc.), or with some custom work, you can do it for other resource types like SQL Database or CosmosDB.

Conclusion

Managing workloads in Microsoft Cloud is done differently than on-premises.

There are proven ways and best practices for Managed Services on top of the Microsoft Cloud, and while developing our Peace-of-Mind service offerings we made sure we incorporate pretty much all of them. For more information about our services around these technologies, browse our website.

For more in-person, in-depth information about this particular topic, you can register for free for the next edition of our annual Cloud Conference.

If you are interested in exploring this topic further, Mihai talks about how companies should approach the Cloud and the best way to migrate workloads to PaaS in a video series available here.

Mihai TATARAN is the General Manager of Avaelgo and CEO of InterKnowlogy. He is also Microsoft Regional Director, Microsoft MVP on Microsoft Azure, Microsoft Azure Insider, and Microsoft Certified Professional. Mihai has been teaching Microsoft technologies courses to software companies in Romania and abroad, being invited by Microsoft Romania to deliver many such trainings for their customers. Mihai has very good experience with large audiences at international conferences: DevReach in Bulgaria, Codecamp Macedonia; TechEd North America 2011, 2012 and 2013 – speaker and Technical Learning Center (Ask the Experts), Windows AzureConf. He is also the co-organizer for the ITCamp conference in Romania.

Cloud Strategy for Your Organization: Migrating Workloads to PaaS

Mihai Tataran General Manager & Partner | Microsoft Regional Director, Azure MVP

Before we begin

This is a continuation of the first article in the “Cloud Strategy for Your Organization” series and focuses on another of the steps we usually take with our customers who migrate to the Cloud.

Some of the considerations described in the “Lift and Shift to the Cloud” article apply to PaaS migrations as well, even though they are more focused on general Lift-and-Shift scenarios.

Here we will focus more on the most important architectural decisions one has to make when either migrating an application to Azure PaaS, or creating a new application for Azure PaaS.

Why PaaS?

A very short explanation of why PaaS vs IaaS can be found in the article referenced above. But, to give more details, here is why having applications run in PaaS is better than in Infrastructure as a Service:

  • You don’t need to manage and support Virtual Machines. You simply use services provided by Azure.
  • Better Disaster Recovery mechanisms, since all these services in Azure already have DR incorporated by design.
  • Higher availability. The typical PaaS service uptime in Azure is 99.99%, reaching 99.999% in some cases.
  • Lower cost with Azure: PaaS services are usually cheaper than their equivalent in IaaS (which would be VMs running a piece of software).
  • Access to technology: access to Artificial Intelligence, Machine Learning, Big Data.

Watch a video (in Romanian) where Mihai talks about the cloud strategy and migrating workloads in PaaS, as a follow-up to this article.

 

 

Options and more options

The great thing about the Cloud in general and Microsoft Azure, in particular, is that it provides many options for everything you want to achieve. For example, there are at least 4-5 options to host an application or run code in Azure PaaS: Cloud Services, App Service, Service Fabric, Functions, Logic Apps, etc. What is great with many options is that you have very granular features designed for very specific needs, but the penalty is that you really need to understand them very well, otherwise you might make very bad architectural decisions with costly consequences down the line.

From the architecture perspective, there are at least two major design decisions you need to make:

  1. What kind of architecture does my application have (if it is an existing application and I just need to migrate it to Azure), or what kind of architecture does my application need.
  2. What is the best Azure PaaS option for my application to run on.

Architecture style

Here are some typical architecture styles for Cloud applications:

The first thing you need to do is make sure you understand which major category your application falls into.

Decision time

And now you must decide upon which Azure PaaS service to primarily use for your application, depending of course on the architecture style it needs and other business criteria. Here is a great chart which describes a decision tree for this phase:

Other architectural decisions

There are many other aspects you need to decide upon and here are just a few examples.

Multi-tenant applications

Let’s say your application is multi-tenant, meaning you have more than 1 customer accessing your application. Each customer might access your solution via a specific URL (e.g.: https://customer1.application.com, https://customer2.application.com, etc.), or it might simply be the same URL for everyone.

The first question we need to ask is whether it makes sense to have a single deployment for all customers, considering the simplified scenario that all customers have the exact same version of the application (the same code base). The right-hand side of the picture describes a single deployment for all customers.

Here is why it seems logical to do it: you only have to maintain one single application, one version of deployment, for all customers. It appears to be cheaper, easier, straightforward! Or is it?

Here is another way to look at it: what if you have different customers with different expectations regarding uptime and performance? What if, to make it simple, you have some Free / Basic customers (who don’t pay for your solution) and you have some Premium customers (who pay and expect a high quality of service – QoS)? Obviously, if you have one deployment for all customers, in order to offer the QoS needed for Premium customers you end up offering it to everyone. And maybe 80% of resources’ needs come from the Free customers.

So, a more pragmatic approach is to consider the non-functional aspects of your solution, the QoS needed by different categories of customers, and maybe it makes more sense to separate them into different deployments by category. One deployment for Free / Basic customers, one deployment for Premium customers. And then you can allocate more resources only for Premium customers, you can configure that solution to autoscale, etc.

Transient faults

If you start using PaaS functionalities – like SQL Database, Storage, Service Bus, etc. – you need to understand a basic concept: they are offered from a shared environment, and that can sometimes cause unexpected behaviors. We call these situations “transient faults”: errors which happen because of the environment where our service resides, have nothing to do with our code, and disappear automatically. A specific example of a transient fault: another Azure customer, using SQL Database on the same physical infrastructure as our SQL Database service, triggers a query which momentarily brings the CPU to 100%. In this case, for a very short time, our queries or commands to our SQL Database will result in a SQL error. The Azure Fabric, of course, resolves the problem very fast, but there is a short time window within which we can have errors which have nothing to do with our application, only with the environment.

What you must do is design your application code for such events, meaning the code should expect some types of errors or exceptions, which clearly identify transient faults, and act accordingly. One way to tackle this situation is a pattern called Retry Policy, and there is already a framework created for it, called Transient Fault Handling Application Block.
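The Retry Policy pattern described above, as an added sketch in Python (it is not the Transient Fault Handling Application Block and not code from the original article): only errors positively identified as transient are retried, with capped exponential backoff and jitter, and everything else fails immediately. `SqlError`, `RetryPolicy` and `flaky_query` are hypothetical names, and the error numbers are a small sample assumed for the illustration.

```python
import random
import time


class SqlError(Exception):
    """Hypothetical stand-in for a driver exception carrying an error number."""

    def __init__(self, number, message=""):
        super().__init__(f"SQL error {number}: {message}")
        self.number = number


# Assumption: a short sample of Azure SQL Database error numbers documented by
# Microsoft as transient. Check the current list for your driver before reuse.
TRANSIENT_SQL_ERRORS = frozenset({40197, 40501, 40613})


def is_transient(exc):
    """Retry only what is positively identified as an environment fault."""
    return isinstance(exc, SqlError) and exc.number in TRANSIENT_SQL_ERRORS


class RetryPolicy:
    """Bounded retries with capped exponential backoff and full jitter.

    Wrap only idempotent operations: a command that failed "transiently" may
    still have been applied on the server before the error came back.
    """

    def __init__(self, max_attempts=5, base_delay=0.2, max_delay=5.0,
                 classify=is_transient, sleep=time.sleep, rng=random.random):
        if max_attempts < 1:
            raise ValueError("max_attempts must be at least 1")
        self.max_attempts = max_attempts
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.classify = classify
        self.sleep = sleep      # injectable so tests do not really wait
        self.rng = rng          # injectable so tests are deterministic

    def delay_for(self, attempt):
        # attempt is 1-based. Jitter spreads clients out so they do not all
        # hit the recovering service again at the same instant.
        ceiling = min(self.max_delay, self.base_delay * 2 ** (attempt - 1))
        return ceiling * self.rng()

    def execute(self, operation):
        for attempt in range(1, self.max_attempts + 1):
            try:
                return operation()
            except Exception as exc:
                # Non-transient errors and the final attempt propagate as-is,
                # so real bugs are never hidden behind silent retries.
                if not self.classify(exc) or attempt == self.max_attempts:
                    raise
                self.sleep(self.delay_for(attempt))


def flaky_query(errors):
    """Constructed test double: raises the queued errors, then returns rows."""
    queue = list(errors)

    def run():
        run.calls += 1
        if queue:
            raise queue.pop(0)
        return ["row-1", "row-2"]

    run.calls = 0
    return run


if __name__ == "__main__":
    query = flaky_query([SqlError(40613, "database unavailable")])
    print(RetryPolicy().execute(query), "after", query.calls, "calls")
```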

Conclusion

Migrating to or designing new applications for Azure PaaS has tremendous advantages, but it also means we need to think differently: we must understand the Azure services better, what they do and what their limitations are, and in the case of migrating applications we need to rearchitect or change some small parts of the code.

If you are interested in exploring this topic further, Mihai talks about the cloud strategy and migrating workloads in PaaS in a video available here.

Mihai TATARAN, Microsoft Azure MVP, is the General Manager of Avaelgo, and Microsoft Regional Director, Microsoft MVP on Microsoft Azure, Microsoft Azure Insider, and Microsoft Certified Professional. Mihai has been teaching Microsoft technologies courses to software companies in Romania and abroad, being invited by Microsoft Romania to deliver many such trainings for their customers. Mihai has very good experience with large audiences at international conferences: DevReach in Bulgaria, Codecamp Macedonia; TechEd North America 2011, 2012 and 2013 – speaker and Technical Learning Center (Ask the Experts), Windows AzureConf. He is also the co-organizer for the ITCamp conference in Romania.

Cloud Strategy for Your Organization: Things You Need to Consider First

Mihai Tataran General Manager & Partner | Microsoft Regional Director, Azure MVP

Before we begin

Last year I wrote a series of articles focused on migrating to the Cloud, with examples on Microsoft Azure: on how to start and lift and shift 101. In this article, we are going to discuss how to start your strategy to migrate to the Cloud, based on the experience we’ve gained in the meantime with enterprise customers, working on Microsoft Azure but also on Office 365 and Microsoft 365 migration projects. You may consider the road to the Cloud as a pipeline of steps, a minimalistic set of them being the ones presented in this diagram:

We are going to focus on the very first step, just before actually moving to the Cloud.

Migrating to the Cloud: Options and scenarios

We usually have two types of customers or two types of migration projects:

  • Custom / Bespoke: complex organizations, complex projects;
  • Standard: most of the small and medium organizations can be approached in a standardized way.

Standard

While nothing is really standard in the IT Services world, we have some common methodologies created for similar projects. One example would be migrating to Office 365. There are differences from customer to customer: they might currently use Exchange Server on premises (maybe 2010 or maybe 2006), they might use a Zimbra email server, they might have the server on-premises or hosted at a co-location provider, etc. But there are some common steps and a common methodology to migrate that customer to Office 365: email server, documents and much more. The same can be applied to projects involving migration to Microsoft Azure, and in the end, our customers benefit from the “Peace Of Mind” standard services suite that we are offering.

Custom

The rest of this article is focused on complex projects or organizations, where we typically don’t only talk about migrating a solution, but a suite of solutions with interdependencies and sometimes the whole IT of that organization.

Watch a video (in Romanian) where Mihai talks about the cloud strategy and how to start approaching the migration into the Cloud, as a follow-up to this article.

Drivers for Cloud migration

There can be many drivers toward such a move and here is a short list.

Efficiency

There are many scenarios where the customer sees huge cost savings. If you consider one of the key attributes of the Cloud, which is that you pay for what you use, the monthly cost of some complex workloads in IT can be much smaller than on premises. Among such scenarios I would enumerate:

  • DevTest: machines for testing, staging, etc. – which don’t need to run 24/7 but a mere few hours per day.
  • On/Off operations, e.g.: salary calculation, 3D rendering, etc. – operations which require computational power a few days per month or a few hours per day.

Disaster Recovery

This is another reason for the Cloud, and here is an article on this very subject.

Access to technology

Technologies like Big Data, Machine Learning, and Artificial Intelligence are very expensive or simply cannot be installed and managed on-premises because of the complexity they imply. The Cloud is great also because it gives access to such amazing technologies to everyone, in a pay-per-use cost model.

Startup

If you are a greenfield investment or a startup your entire IT infrastructure can be operational in a matter of days. Your email, documents sharing, collaboration tools, your invoicing application, your CRM, your ERP, etc. – all of them can be provisioned easily and fast in the Cloud, without the need to acquire any IT equipment except for employees’ laptops, tablets, and smartphones.

Initial things to consider

It is an IT project, but before starting any actual IT work we should consider a few aspects.

Complexity

Migrating an organization or a set of solutions to the Cloud is not a simple, risk-free project. It takes time, usually months or years, and it impacts many more departments than IT.

Current IT state

From the migration perspective, there is the need to analyze the initial state of the IT infrastructure. Questions like these need to be asked in the beginning:

  • Is there a consolidated infrastructure?
  • Is there a common identity mechanism for all users? Are there multiple identities, Single-Sign-On, Federation mechanisms in place?
  • Are current workloads virtualized, or are they running directly on physical machines? Which virtualization technology is being used?
  • Is the customer already using the Cloud? From which providers? If using Azure, which kind of contract (pay as you go / Enterprise Agreement / CSP)?

Vision

The current state analysis needs to be augmented with envisioning what IT could do for the business if it had the tools. Another key attribute of the Cloud is that it delivers technology which does not exist or is very expensive to have on premises. Big Data, Machine Learning, and Artificial Intelligence are such examples, and in this phase, we should discuss with the customer what could be done for the business. Or even simpler than that: you might need a machine with huge computational power or a new piece of software that the company just bought. In the Cloud, provisioning such machines with tens of cores and hundreds of GB of RAM (or even TB of RAM) takes minutes.

Financial

What is the preferred payment strategy? Does the client need a pay-per-use type of contract or a capital multi-year investment? Both are possible, with advantages on each side, and the decision to choose one over the other depends very much on the specifics of every customer.

HR

Some roles within the IT department will need to change. There will be new technologies, new mechanisms to be operated and supported, so a skill upgrade needs to be done. Before that, there is also a paradigm shift: we should not see the Cloud as just another location for some servers. If we only see it like that, we fail to optimize the Cloud usage. In that respect, the IT personnel from the customer needs to go through a mindset transformation before acquiring the specific technical skills needed for the Cloud.

Roles

Roles within the project team must be clearly identified: the customer must understand what their role is, and what is expected from their team before, during and after the migration project.

Buy-in

Buy-in is needed especially from top management, but also from all department/business unit leaders who are using the IT systems which will move to the Cloud. A strategy is needed for how the users will be impacted by this change, and what we need to do to help them. The easiest way we found to get buy-in from the client’s organization is to start with a pilot or a simple and quick project which delivers immediate benefits, within the first months of the whole program.

Conclusion

This article described just the first step of a Cloud migration program for an organization. There are multiple steps, which we will cover in the upcoming weeks. While some are optional, many of them are essential. In the next article, you’ll find out what you need to know about migrating workloads to PaaS.

If you are interested in exploring this topic further, Mihai talks about the cloud strategy and the things you need to consider before actually starting the migration into the Cloud in a video available here.

Mihai TATARAN, Microsoft Azure MVP, is the General Manager of Avaelgo, and Microsoft Regional Director, Microsoft MVP on Microsoft Azure, Microsoft Azure Insider, and Microsoft Certified Professional. Mihai has been teaching Microsoft technologies courses to software companies in Romania and abroad, being invited by Microsoft Romania to deliver many such trainings for their customers. Mihai has very good experience with large audiences at international conferences: DevReach in Bulgaria, Codecamp Macedonia; TechEd North America 2011, 2012 and 2013 – speaker and Technical Learning Center (Ask the Experts), Windows AzureConf. He is also the co-organizer for the ITCamp conference in Romania.

Becoming GDPR-compliant – Avoidable privacy happenings

Ioan Popovici

Chief Software Engineer

Last time, I tried to brief some of the steps you need to cover before starting to choose the tools that will help you achieve compliance. Let’s dig a little deeper by using some real-life negative examples that I ran into during this phase.

Case 1. The insufficiently authenticated channel.

Disclosure disclaimer: the following examples are real. I have chosen to anonymize the data about the bank in this article, although I have no obligation whatsoever to do so. I could disclose the full information to you per request.

At one point, I received an e-mail from a bank in my inbox. I was not, am not, and hopefully, will not be a client of that particular bank. Ever. The e-mail seemed (from the subject line) to inform me about some new prices of the services the bank provided. It was not marked as spam, and so it intrigued me. I ran some checks (traces, headers, signatures, specific backtracking magic), came to the conclusion that it is not spam, so I opened it. Surprise, it was directly addressed to me, my full name appeared somewhere inside. Oh, and of course thanking ME that I chose to be their client. Well. Here’s a snippet (it is in Romanian, but you’ll get it):

Of course, I complained to the bank. I was asking them to inform me how they’ve got my personal data, asking them to delete it, and so on. Boring.
About four+ months later (not even close to a compliant time) a response popped up:

Let me brief it for you: It said that I am a client of the bank, that I have a current account, where the account was opened. Oh, but that is not all. They have also given me a copy of the original contract I supposedly signed. And a copy of the personal data processing document that I also signed and provided to them. With the full-blown personal data. I mean full blown: name, national id numbers, address, etc. One problem though: That data was not mine, it was some other guy’s data that had one additional middle name. And thus, a miracle data leak was born. It is small, but it can grow if you nurture it right.

What went wrong?
Well, in short, the guy filled in my e-mail address and nobody checked it, not him, not the bank, nobody. You imagine the rest.

Here’s what I am wondering:

1. Now, in the 21st century, is it so hard to authenticate a channel of communication with a person? Is it so difficult to implement a solution for e-mail confirmation based on some contract id? Is it, really? We could do it for you, bank. Really. We’ll make it integrated with whatever systems you have. Just please, do it yourselves or ask for some help.

2. Naturally, privacy was 100% absent from the process of answering my complaint, even though I made a privacy complaint. Is privacy totally missing from all your processes?

In the end, this is an excellent example of poor legislative compliance, with zero security involved, I mean ZERO security. They have some poor legal compliance: there is a separate document asking for personal data and asking for permission to process it. The document was held, and it was accessible (ok, it was too accessible). They have answered my complaint even though it was not in a timely compliant manner.
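The e-mail confirmation "based on some contract id" asked for above could look like the following, as an added sketch (not the bank's system and not Avaelgo's product). The confirmation mail carries only an expiring HMAC token; the recipient must also type the contract id from their paper contract, so someone who receives the mail by mistake cannot confirm the address, and no personal data goes out until confirmation succeeds. All names, the key handling and the 24-hour lifetime are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
import time

# Assumption: in production the key comes from a secret store and is rotated.
SERVER_KEY = secrets.token_bytes(32)
TOKEN_TTL_SECONDS = 24 * 3600


def _tag(key, contract_id, email, expires):
    # Length-prefix every field so two different (contract, e-mail) pairs can
    # never serialize to the same bytes.
    fields = ["email-confirm-v1", contract_id, email.strip().lower(), str(expires)]
    message = b"".join(f"{len(f.encode())}:".encode() + f.encode() for f in fields)
    digest = hmac.new(key, message, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode().rstrip("=")


def issue_token(contract_id, email, now=None, key=SERVER_KEY):
    """Token for the confirmation link; it reveals neither contract nor identity."""
    expires = int(time.time() if now is None else now) + TOKEN_TTL_SECONDS
    return f"{expires}.{_tag(key, contract_id, email, expires)}"


def verify_token(token, contract_id, email, now=None, key=SERVER_KEY):
    try:
        expires_text, tag = token.split(".", 1)
        expires = int(expires_text)
        presented = tag.encode()
    except ValueError:          # malformed token, non-numeric expiry, bad text
        return False
    expected = _tag(key, contract_id, email, expires).encode()
    if not hmac.compare_digest(presented, expected):   # constant-time compare
        return False
    return (time.time() if now is None else now) <= expires


class ContactChannel:
    """E-mail address recorded on a contract; untrusted until confirmed."""

    def __init__(self, contract_id, email):
        self.contract_id = contract_id
        self.email = email
        self.verified = False

    def confirmation_token(self, now=None):
        return issue_token(self.contract_id, self.email, now=now)

    def confirm(self, token, contract_id_entered, now=None):
        # contract_id_entered is typed by the person clicking the link; it is
        # never printed in the mail. Rate-limit this step in a real system,
        # since contract ids may be guessable.
        ok = verify_token(token, contract_id_entered, self.email, now=now)
        if ok:
            self.verified = True
        return ok


def send_document(channel, document_name):
    """Refuse to send personal data over a channel nobody has confirmed."""
    if not channel.verified:
        raise PermissionError("e-mail address not confirmed for this contract")
    return f"queued {document_name} for {channel.email}"


if __name__ == "__main__":
    # Constructed sample data.
    channel = ContactChannel("C-2020-001234", "ion.popescu@example.com")
    token = channel.confirmation_token()
    print("wrong contract id:", channel.confirm(token, "C-2020-999999"))
    print("right contract id:", channel.confirm(token, "C-2020-001234"))
    print(send_document(channel, "contract-copy.pdf"))
```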

Conclusions

0. Have a good privacy program. A global one.

1. Have exquisite security.

2. When you choose tools, make sure they can support your privacy program.

3. Don’t be afraid to customize the process or the tools. We (and, to be honest, anybody in the business) could easily give you a quote for an authentication/authorization solution of your communication channels with any client.

I am sure you can already see for yourself how this is useful in the context of choosing tools that will help you organize your conference event, and still maintain its privacy compliance.

About the author

Ioan Popovici

Ioan Popovici, the Chief Software Engineer of Avaelgo, Microsoft Certified Professional, Certified Information Privacy Professional / Europe, specializes in Microsoft technologies and in patterns and practices for such technologies, acting as the architect on most of Avaelgo’s solutions. He has delivered many trainings to software companies in Romania.
