Tag Archives: GDPR

Ask an Expert: Catching up with Sagara Gunathunga

Sagara Gunathunga, the product lead of the identity and access management (IAM) team at WSO2, has had one amazing career. Starting as a committer to Apache, he most recently led WSO2’s efforts to become GDPR compliant – using WSO2! In this interview, he tells why GDPR must be viewed as an opportunity to build closer relationships with customers and why we must always be curious to innovate.

1. Tell us about your introduction to open source and your journey at WSO2 so far.

Before I joined WSO2, I was a contributor to the Apache Software Foundation. In 2006 I attended various open source events like ApacheCon and I was highly motivated by the concept of contributing towards open source. So the motivation and some initial work towards it ended up with me being a committer in Apache. My first committer-ship was in an Apache project which was part of the Apache web service project and this also paved the way for my access to other projects.

During this time, I got a chance to join WSO2. Initially, I was driving WSO2’s contribution towards Apache. I started working on Axis2 and web services project during my own time and arranged various initiatives to review and mentor their work towards Apache. I also encouraged others to become committers. At present, I am part of the IAM team. It was quite challenging at the start, as none of my previous projects were on security and my knowledge was limited to the security aspects that I’ve been exposed to when working on Apache projects. Services, application development, and governance were my core focus areas back then but I used the knowledge I gathered as the base for my career as an “identity guy”. There was lots to learn, going deep into the concepts of IAM – but it’s been a rewarding journey.

2. What’s the most exciting project you’ve been a part of recently?

One of the main tasks I was assigned to was to work with the privacy standards given the emerging requirements in the EU/UK (GDPR) and Australia. As a technology company, it’s quite a task to keep up with all the privacy standards per country. Given that we have an identity product, it’s a priority for us.

We manage 50 mn+ identities, so in our case we store personal information and the main challenge is “how do we comply ourselves with the standard?” There are many known approaches like “Privacy by Design” but my architectural effort was to make WSO2 Identity Server comply with all the privacy standards, not just GDPR. Then we had to expand that exercise to all other WSO2 projects as all WSO2 products have some sense of personal data.

From a business perspective, WSO2 has data from customers and users that we need to protect and I was a part of that team that handled the privacy compliance/GDPR compliance. Meeting the deadline on the 25th May was daunting, but we did it!

4. Your proudest moments at WSO2?

Not just one, but being a part of WSO2 alone is always something to be proud of. The reality is that on the surface, you don’t see a lot of technological innovations in this part of the world (South Asia) due to various reasons. At WSO2 we are able to innovate given these limitations, competing with leading and innovative tech companies around the world. Right now we are known as the largest OSS integration vendor in the world managing 50 mn identities through our identity server, and that’s truly special.

5. How do you see GDPR – is it an opportunity or a roadblock?

It depends on your individual perspective. Some think it’s a financial barrier/roadblock but many other people do not share this view. Last month I presented at the GDPR summit and at various meetups where GDPR was discussed. I learnt that most people think it’s an opportunity for them to demonstrate their commitment towards user privacy, how they respect it, and demonstrate the ways in which they have measures in place to provide data protection.

There are positive perceptions – including as an avenue for brand recognition and how you care about your customers. That’s great and I think it’s one of the best ways to prove to your customers that you respect their privacy and you have taken all measures to protect their data. Businesses are now moving away from being solely profit-oriented and instead building relationships with their customers. That’s the most important aspect, and I believe this is how GDPR should be viewed.

6. Where do you think the future of IAM is heading and where does WSO2 Identity Server fit into that picture?

IAM is a broad term. We’ve noticed that authentication or how you verify the authenticity of a user is an evolving space and is a part of many privacy standards. For example, PSD2 and Open Banking in the UK require enforcing Strong Customer Authentication (SCA). Financial institutions and banks used to have biometric and token devices for authentication. Yet, given the volume of cyber attacks and privacy violations, it is important that you provide maximum protection for your users. Therefore, authentication needs to become more agile and adaptive.

We’re hoping to provide adaptive authentication with WSO2 Identity Server, which is a very exciting direction for us!

7. WSO2 IS is an open source IAM product. How does it stand as opposed to a regular IAM vendor or product?

Open source is a loaded term. To ensure that what we offer is truly open source, we provide binary distributions that are freely accessible so you are able to customize, redistribute, and access the source code.

There are other “open source” IAM products where you can get the source code and run it, but you cannot run the official binary release in production. At WSO2 the GA releases are under Apache 2.0 license which means you are free to do whatever you want. You can use the code and run it yourself or extend, customize or even resell. In case you need professional support and help, you can then engage with us.

8. From the point you started at WSO2, you have had an amazing professional journey. Any advice for budding developers or engineers who are beginning their careers?

Be curious. Always.

I have been in the field for more than 10 years and I’m more curious than ever given how much the technology landscape is evolving. If you are planning to have a fruitful career (which I’m sure you are), you have to be curious. I’m paraphrasing one of our greatest losses from recent times, Stephen Hawking, who said the key to his success was being curious. When people grow up they tend to settle with what they know but if you are curious, you grow with knowledge. It’s a guiding principle for me too.

As an identity guy, the key is to learn ideas and concepts thoroughly, so the application of the technology becomes easier. If you’re curious, the commitment and passion to what you do will come naturally. But if you settle, innovation becomes a battle.

Helping You Say GDPRghh Less – Meet Us at the GDPR Summit London!

The process of becoming compliant with the General Data Protection Regulation (GDPR) isn’t simple. Anyone who says otherwise isn’t telling you the truth. However, you can make the process tolerable by using the right technology.

The prime focus of our spring release was to ensure that the entire WSO2 platform is compliant and that our products can help drive rapid growth by leveraging the regulation. For instance, WSO2 Identity Server is now able to provide end-to-end consent management as well as the ability to anonymize user data, which adheres to the ‘right to be forgotten’ rule.

To further help you accelerate compliance, Sagara Gunathunga, a director at WSO2 and a key member of the WSO2 IAM team, will be speaking on “Best Practices: How to Optimize Your GDPR Strategy” at the GDPR Summit held on April 23 at 155 Bishopsgate, London. During his session, he will explore:

  • The main factors for optimizing your strategy
  • The role played by IAM
  • How technology helps organizations leverage GDPR to drive growth
  • How to stay up-to-date with other privacy regulations

The event usually witnesses at least 500 attendees and aims to provide an actionable and practical roadmap for organizations to become GDPR compliant. The one-day conference is described as high impact, content-rich and jargon-free, and over 40 expert speakers are scheduled to speak.

Come say hi to our team and attend Sagara’s talk at the GDPR roadmap theatre.

Won’t be able to attend? Sign up for our ongoing webinar series to learn about all things GDPR!

Announcing Our 2018 Spring Release Which Brings Platform-Wide Support for Fast-Tracking GDPR Compliance

The clock is ticking toward the May 2018 deadline to comply with the General Data Protection Regulation (GDPR), which harmonizes data privacy laws across Europe to protect all data belonging to EU citizens and residents. The regulation applies to organizations that operate within the EU as well as those that sell or market to the EU—essentially the rest of the world.

Some enterprises may only see the immediate burden of meeting GDPR’s requirements. However, savvy organizations understand that the technology platform they implement to comply with the regulation can set the stage for new digital business models that drive revenue and growth. To help these enterprises accelerate these efforts, WSO2 today debuted its Spring 2018 Release, featuring product developments designed to offer platform-wide support for GDPR.

The Spring 2018 Release is the first set of synchronized product updates being rolled out as part of WSO2’s new quarterly release of new and enhanced capabilities across the platform aimed at addressing the real-world business and technology demands enterprises face today.

Let’s take a closer look at the challenges and opportunities that GDPR brings, as well as how WSO2’s product features and services empower organizations to fast-track their GDPR compliance and enable agile digital transformation initiatives.

The Immediate GDPR Challenge

GDPR requires that organizations conducting business in the EU adopt internal policies and implement measures that meet, in particular, the principles of data protection by design and data protection by default. What this essentially means is that enterprises need to ensure all personal data collection, processing, storage and destruction measures are designed to secure privacy. It doesn’t just end there. Organizations must also be able to demonstrate proof of consent and allow individuals to review the status of their consent and opt out if they choose to do so.

The immediate challenge for enterprises is finding a solution to help tune their identity and access management (IAM) and ensure secure API management quickly so that they can address the new requirements of GDPR. These include customer data privacy, a self-care portal to enable customer rights defined by GDPR, and full-scale consent lifecycle management. The solution also must support secure identity provisioning across systems in a GDPR-compliant manner.

The Long-Term Benefit

While meeting their near-term GDPR requirements, organizations have the potential to look beyond compliance and leverage the strong data protection fostered by GDPR to support their digital transformation efforts aimed at innovating new services and building brand loyalty with customers. To make this move, organizations need a cohesive platform that has the capabilities to make businesses programmable through APIs, program the business using integration systems, maintain solid identity and security practices, and increase agility through the adoption of open source and cloud systems.

The WSO2 Advantage for Capitalizing on GDPR

WSO2 has the expertise to be your trusted technology partner, not just to make sure you clear the GDPR hurdle, but also to ensure your organization has the ability to leverage the wider benefits brought by this regulation. With the Spring 2018 Release of the WSO2 platform, you have a digital transformation solution that capitalizes on the data protection measures of GDPR to accelerate your business growth via a digital innovation platform.

Using the WSO2 platform, you can capitalize on the technology trusted by globally recognized brands across a range of industries—including eBay, Experian, Verifone, BNY Mellon, West Interactive, Motorola, Transport for London, and StubHub—to:

  • Comply with the GDPR regulations quickly via platform-wide support that helps you to ensure all personal data collection, processing, storage, and destruction measures are designed to secure privacy.
  • Look beyond compliance and enhance digital transformation with a cloud-native, open source platform composed of the key technology enablers required for the agility and innovation you need to maximize your competitiveness.

Technology Enablers for GDPR and Digital Transformation

Within the WSO2 platform, key technology enablers for meeting GDPR regulatory requirements and setting the stage for digital transformation include:

  • Identity and access management in the Spring 2018 Release is delivered via a solution that supports secure identity provisioning across systems in a GDPR-compliant manner. Consent management and privacy toolkit in WSO2 Identity Server enable enterprise data controllers to accelerate their organization’s GDPR compliance. It also introduces personal information export capabilities and support for encrypting OpenID Connect identity tokens. Together, these new features address the different aspects of individual rights defined in GDPR, such as the “right to be forgotten” and the “right to personal data portability” among others, in order to ensure the protection of personal information.
  • Secure API management in the Spring 2018 Release addresses the new requirements of GDPR, such as customer data privacy, a self-care portal to enable the customer rights defined by GDPR, and full-scale consent lifecycle management. These capabilities can now be deployed via a hybrid cloud solution that provides organizations a local gateway rather than a cloud API gateway. This enables users to have the best of both worlds and ensures all API calls happen locally, thus increasing security and minimizing latency. Moreover, it’s easy to maintain, as users just supply their cloud credentials and it pulls configuration and changes from the cloud.
  • Integration capabilities in the Spring 2018 Release provide the ability to seamlessly connect and manage multiple identities across legacy systems, SaaS applications, services, and APIs. This enables organizations to support even the most demanding integration requirements across services. Key capabilities include the required tools to connect to a wide variety of protocols and security mechanisms as well as streamline integration APIs in a secure manner.
  • Streaming analytics capabilities empower organizations to derive meaningful insights with available data. The Spring 2018 version of the product includes functionality to support GDPR compliance, such as the ability to anonymize both login user information and any data stored in databases.
  • A customized open banking solution, first launched for the financial industry in August 2017, provides the functionality to comply with both GDPR and the European Union’s second Payment Services Directive (PSD2). It also empowers companies to go beyond traditional banking by offering third-party services and innovating new digital offerings.

In addition to the enabling technologies delivered through the WSO2 platform, WSO2 is offering a series of seven webinars to help organizations accelerate their GDPR compliance.

Now is the time to start complying with GDPR—and lay the groundwork for the new digital business models it will enable. WSO2 brings you the technology, expertise and services to get up and running quickly and cost-effectively, along with the agility to capitalize on digital transformation opportunities as they emerge.

Roses are red, violets are blue. We don’t have time to rhyme because the GDPR deadline is coming up soon!

At our last webinar on the General Data Protection Regulation (GDPR) hosted by Prabath Siriwardena and Asanka Abeysinghe, we looked at technical aspects of the regulation and what steps you can take to ensure your security strategy is primed for GDPR.

With less than two months to go, what you need now is the right approach to accelerate your GDPR compliance journey. According to a survey conducted by Forrester Research [1] a few months ago, 11% of firms are still unsure of what needs to be done and 29% of fully compliant companies may have taken some incorrect steps. This can cause serious issues and lead to hefty fines when scrutinized by governing bodies. From an industry perspective, while financial industries are usually ahead given the constant regulations, media and retail industries could be lagging behind in getting their systems and processes into place.

Your enterprise’s longevity depends on the trust you build with your customers. That’s why user consent and privacy are vital. If the aftermath of the Facebook – Cambridge Analytica scandal taught us anything, it’s that. GDPR may seem like a daunting challenge at first, but by adopting the right technology you can move beyond compliance and take advantage of the regulation to gain your customers’ trust, strengthen their loyalty, and grow your business rapidly.

To help you grasp the complex processes involved in GDPR compliance, the WSO2 Identity Server team is conducting a series of seven webinars which explore how our products are GDPR compliant and what steps you can take to accelerate compliance.

  1. April 10: Accelerating Your GDPR Compliance with the WSO2 Platform – Sagara Gunathunga, Director, WSO2
  2. April 17: The Right Steps to Becoming GDPR Compliant – Darshana Gunawardena, Technical Lead, WSO2
  3. April 24: GDPR Compliance with WSO2 Identity Server – Ayesha Dissanayaka, Senior Software Engineer and Hasintha Indrajee, Associate Technical Lead, WSO2
  4. May 2: GDPR and API Security – Sanjeewa Malalgoda, Senior Technical Lead, WSO2
  5. May 8: The Role of GDPR in Customer Identity and Access Management – Rushmin Fernando, Technical Lead, WSO2
  6. May 15: GDPR Compliance by Design – Ruwan Abeykoon, Associate Director/Architect and Jayanga Kaushalya, Senior Software Engineer, WSO2
  7. May 22: The Impact of GDPR on User Experience – Dakshika Jayatilake, Associate Technical Lead, WSO2

Sign up and spread the word!

[1] Forrester Research, Inc., “The State Of GDPR Readiness: GDPR Readiness Progresses, But Strategies Depend Too Heavily On IT” by Enza Iannopollo with Laura Koetzle, Stephanie Balaouras, Elsa Pikulik and Peggy Dostie, January 31, 2018.