SlideShare uma empresa Scribd logo

Designing for Data Security by Karen Lopez

Karen Lopez
Karen Lopez

As security and complaince becomes more important for organizations, especially in the age of GDPR, data breach and other legislation, Karen covers the types of features data architects and designers should be considering when building modern, protected and defensive systems.

Dados e análise
1 de 50
Designing For Data Security Karen Lopez, InfoAdvisors www.datamodel.com
#TeamData
@Astro_DavidS
“Every design decision comes down to cost, benefit and risk.” - Karen Lopez
Mandatory Slide Ones and zeros … With a HAND!
 Day one  Collaborative  Responsible  Compliant  Required  Governed Security & Privacy by Design
Ready for 25 May? How can we get started? Can you help us get certified? Do you have software for this? Do you have a couple of weeks to help us get this done?
 No Methodology  No Models  Misfocused Management  No Measurement  Too Much Madness How Does this happen?
 Methodology  Models  Management  Measurement  Madness How Do We Mitigate?
Security at the data level Models capture security & privacy requirements Management reports of reviews Measurement In other words, Governance Methodology?
Data Quality is Also Data Protection
Security & Privacy in the DB and Data Models
Obligatory Hacker in a Hoodie Photo….
Security – Always Encrypted
Why would a DB Designer love it? Always Encrypted, yup Allows designers to not only specify which columns need to be protected, but how Parameters are encrypted as well Built in to the engine, easier for Devs
Dynamic Data Masking
Privacy -Dynamic Data Masking CREATE TABLE Membership( MemberID int IDENTITY PRIMARY KEY, FirstName varchar(100) MASKED WITH (FUNCTION = 'partial(1,"XXXXXXX",0)') NULL, LastName varchar(100) NOT NULL, Phone# varchar(12) MASKED WITH (FUNCTION = 'default()') NULL, Email varchar(100) MASKED WITH (FUNCTION = 'email()') NULL); INSERT Membership (FirstName, LastName, Phone#, Email) VALUES ('Roberto', 'Tamburello', '555.123.4567', 'RTamburello@contoso.com'), ('Janice', 'Galvin', '555.123.4568', 'JGalvin@contoso.com.co'), ('Zheng', 'Mu', '555.123.4569', 'ZMu@contoso.net');
Why would a Data Designer love it? Allows central, reusable design for standard masking Offers more reliable masking and more usable masking Removes whining about “we can do that later”
Security – Row Level Security
Why would a Data Designer love it? Allows a designer to do this sort of data protection IN THE DATABASE, not just rely on code. Many, many pieces of code.
Data Cataloging Scan-based AI-based Metadata! Data profiling
Data Classification/Categorization Syntax-based Sematic-based AI-based Data Profiling vs. Data Naming
Watson
What should we STOP doing? Nobody ever talks about this….
SQL Injection  WE ARE STILL DOING THIS!  IT’S STILL THE #1 (but unsecured storage is getting more popular)  TEST. TEST SOME MORE  Automated Testing  Governance is important
Auto-incremental Data Access
Test Data Bad Restoring Production to Development Restoring Production, with Masking Restoring Production, with Randomizing Restoring Production…anywhere Better Design Test Data Lorem Ipsum for Data Really, Design Test Data
Only Generalists No other profession uses this approach. The Body of Knowledge and the Required skillsets in IT and IS is too broad and changes to rapidly.
Trusting good people Good people don’t always stay that way People mess up Monitoring Checking Automatic alerting
What Skills Do Data Professionals Need for Data Protection? No one ever talks about this….
RO I
Data Protection and Security Level: Active Skills  Security Requirements  Security Techniques  Where to apply them  Whose Job is it?  Security testing & Validation  Security By Design  Data Governance
Big Data and Analytics Level: Literacy and Hands On Why: These new technologies and techniques are making it mainstream in most shops, whether they are installed or software as a service. Plus, we need to use them on our own data Who: All IT roles, especially data stewarding ones.
Literacy with Deep Learning, AI, Machine Learning Level: Literacy +++  How are they used?  What are the real life uses today?  Future uses  Privacy and Security requirements  Compliance trade-offs  Employee Monitoring
Data Quality & Reliability Level: Active Skills  Is the data right?  Is it current?  Should it be there at all?  Do we Know where it came from?  Do we know it was calculated correctly?  Are there any know anomalies?
How can we do all this? Cloud Services are a fantastic way to learn and get hands on skills. Online Tutorials are often free and self guided Learn from Experts & Case Studies Deprioritize tasks that are really just being done for tradition Hire help Automate away some tasks to make more time
One more time… Every Design Decision must be based on Cost, Benefit and Risk www.datamodel.com
Thank you! Go out and be great…and secure. Karen Lopez - @DataChick

Recomendados

Information Security Risks - What You Can Do To Help Your Clients Avoid Costl...
Information Security Risks - What You Can Do To Help Your Clients Avoid Costl...Information Security Risks - What You Can Do To Help Your Clients Avoid Costl...
Information Security Risks - What You Can Do To Help Your Clients Avoid Costl...
Net at Work
 
D92-198gstindspdx
D92-198gstindspdxD92-198gstindspdx
D92-198gstindspdx
Thinkful
 
AI in Healthcare: How to Implement Medical Imaging Using Machine Learning?
AI in Healthcare: How to Implement Medical Imaging Using Machine Learning?AI in Healthcare: How to Implement Medical Imaging Using Machine Learning?
AI in Healthcare: How to Implement Medical Imaging Using Machine Learning?
Skyl.ai
 
10 Rules for Vendors - an Overview
10 Rules for Vendors - an Overview10 Rules for Vendors - an Overview
10 Rules for Vendors - an Overview
Gary Hayslip CISSP, CISA, CRISC, CCSK
 
Putting data science in your business a first utility feedback
Putting data science in your business a first utility feedbackPutting data science in your business a first utility feedback
Putting data science in your business a first utility feedback
Peculium Crypto
 
Twitter Sentiment Analysis in 10 Minutes using Machine Learning
Twitter Sentiment Analysis in 10 Minutes using Machine LearningTwitter Sentiment Analysis in 10 Minutes using Machine Learning
Twitter Sentiment Analysis in 10 Minutes using Machine Learning
Skyl.ai
 
BDW17 London - Abed Ajraou - First Utility - Putting Data Science in your Bus...
BDW17 London - Abed Ajraou - First Utility - Putting Data Science in your Bus...BDW17 London - Abed Ajraou - First Utility - Putting Data Science in your Bus...
BDW17 London - Abed Ajraou - First Utility - Putting Data Science in your Bus...
Big Data Week
 
Pdf analytics-and-witch-doctoring -why-executives-succumb-to-the-black-box-me...
Pdf analytics-and-witch-doctoring -why-executives-succumb-to-the-black-box-me...Pdf analytics-and-witch-doctoring -why-executives-succumb-to-the-black-box-me...
Pdf analytics-and-witch-doctoring -why-executives-succumb-to-the-black-box-me...
OrateTeam
 

Recomendados

Information Security Risks - What You Can Do To Help Your Clients Avoid Costl...
Information Security Risks - What You Can Do To Help Your Clients Avoid Costl...Information Security Risks - What You Can Do To Help Your Clients Avoid Costl...
Information Security Risks - What You Can Do To Help Your Clients Avoid Costl...
Net at Work
 
D92-198gstindspdx
D92-198gstindspdxD92-198gstindspdx
D92-198gstindspdx
Thinkful
 
AI in Healthcare: How to Implement Medical Imaging Using Machine Learning?
AI in Healthcare: How to Implement Medical Imaging Using Machine Learning?AI in Healthcare: How to Implement Medical Imaging Using Machine Learning?
AI in Healthcare: How to Implement Medical Imaging Using Machine Learning?
Skyl.ai
 
10 Rules for Vendors - an Overview
10 Rules for Vendors - an Overview10 Rules for Vendors - an Overview
10 Rules for Vendors - an Overview
Gary Hayslip CISSP, CISA, CRISC, CCSK
 
Putting data science in your business a first utility feedback
Putting data science in your business a first utility feedbackPutting data science in your business a first utility feedback
Putting data science in your business a first utility feedback
Peculium Crypto
 
Twitter Sentiment Analysis in 10 Minutes using Machine Learning
Twitter Sentiment Analysis in 10 Minutes using Machine LearningTwitter Sentiment Analysis in 10 Minutes using Machine Learning
Twitter Sentiment Analysis in 10 Minutes using Machine Learning
Skyl.ai
 
BDW17 London - Abed Ajraou - First Utility - Putting Data Science in your Bus...
BDW17 London - Abed Ajraou - First Utility - Putting Data Science in your Bus...BDW17 London - Abed Ajraou - First Utility - Putting Data Science in your Bus...
BDW17 London - Abed Ajraou - First Utility - Putting Data Science in your Bus...
Big Data Week
 
Pdf analytics-and-witch-doctoring -why-executives-succumb-to-the-black-box-me...
Pdf analytics-and-witch-doctoring -why-executives-succumb-to-the-black-box-me...Pdf analytics-and-witch-doctoring -why-executives-succumb-to-the-black-box-me...
Pdf analytics-and-witch-doctoring -why-executives-succumb-to-the-black-box-me...
OrateTeam
 
Transform Banking with Big Data and Automated Machine Learning 9.12.17
Transform Banking with Big Data and Automated Machine Learning 9.12.17Transform Banking with Big Data and Automated Machine Learning 9.12.17
Transform Banking with Big Data and Automated Machine Learning 9.12.17
Cloudera, Inc.
 
Machine Learning: Addressing the Disillusionment to Bring Actual Business Ben...
Machine Learning: Addressing the Disillusionment to Bring Actual Business Ben...Machine Learning: Addressing the Disillusionment to Bring Actual Business Ben...
Machine Learning: Addressing the Disillusionment to Bring Actual Business Ben...
Jon Mead
 
Data Modeling for Security, Privacy and Data Protection
Data Modeling for Security, Privacy and Data ProtectionData Modeling for Security, Privacy and Data Protection
Data Modeling for Security, Privacy and Data Protection
Karen Lopez
 
Endpoint Security & Why It Matters!
Endpoint Security & Why It Matters!Endpoint Security & Why It Matters!
Endpoint Security & Why It Matters!
Net at Work
 
Data Science Transforming Security Operations
Data Science Transforming Security OperationsData Science Transforming Security Operations
Data Science Transforming Security Operations
Priyanka Aash
 
SDD2017 - 03 Abed Ajraou - putting data science in your business a first uti...
SDD2017 - 03 Abed Ajraou - putting data science in your business a first uti...SDD2017 - 03 Abed Ajraou - putting data science in your business a first uti...
SDD2017 - 03 Abed Ajraou - putting data science in your business a first uti...
Dario Mangano
 
Securing SharePoint, OneDrive, & Teams with Sensitivity Labels
Securing SharePoint, OneDrive, & Teams with Sensitivity LabelsSecuring SharePoint, OneDrive, & Teams with Sensitivity Labels
Securing SharePoint, OneDrive, & Teams with Sensitivity Labels
Drew Madelung
 
BDA 2012 Big data why the big fuss?
BDA 2012 Big data why the big fuss?BDA 2012 Big data why the big fuss?
BDA 2012 Big data why the big fuss?
Christopher Bradley
 
How to classify documents automatically using NLP
How to classify documents automatically using NLPHow to classify documents automatically using NLP
How to classify documents automatically using NLP
Skyl.ai
 
Why do most machine learning projects never make it to production
Why do most machine learning projects never make it to productionWhy do most machine learning projects never make it to production
Why do most machine learning projects never make it to production
Cameron Vetter
 
Information & Cyber Security Risk
Information & Cyber Security RiskInformation & Cyber Security Risk
Information & Cyber Security Risk
Murray Security Services
 
Chanchal Chatterjee PARTNERS 2017 Oct24
Chanchal Chatterjee PARTNERS 2017 Oct24Chanchal Chatterjee PARTNERS 2017 Oct24
Chanchal Chatterjee PARTNERS 2017 Oct24
Chanchal Chatterjee
 
Autonomous Security: Using Big Data, Machine Learning and AI to Fix Today's S...
Autonomous Security: Using Big Data, Machine Learning and AI to Fix Today's S...Autonomous Security: Using Big Data, Machine Learning and AI to Fix Today's S...
Autonomous Security: Using Big Data, Machine Learning and AI to Fix Today's S...
Avinash Ramineni
 
Enterprise Grade Data Labeling - Design Your Ground Truth to Scale in Produ...
Enterprise Grade Data Labeling - Design Your Ground Truth to Scale in Produ... Enterprise Grade Data Labeling - Design Your Ground Truth to Scale in Produ...
Enterprise Grade Data Labeling - Design Your Ground Truth to Scale in Produ...
Jai Natarajan
 
12 Steps to get Started with Cloud.pdf
12 Steps to get Started with Cloud.pdf12 Steps to get Started with Cloud.pdf
12 Steps to get Started with Cloud.pdf
Amazon Web Services
 
How to perform Secure Data Labeling for Machine Learning
How to perform Secure Data Labeling for Machine LearningHow to perform Secure Data Labeling for Machine Learning
How to perform Secure Data Labeling for Machine Learning
Skyl.ai
 
Data Analytics Today - Data, Tech, and Regulation.pdf
Data Analytics Today - Data, Tech, and Regulation.pdfData Analytics Today - Data, Tech, and Regulation.pdf
Data Analytics Today - Data, Tech, and Regulation.pdf
Hendri Karisma
 
Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...
Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...
Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...
Stratio
 
Data Platform at Liv Up
Data Platform at Liv UpData Platform at Liv Up
Data Platform at Liv Up
Luiz Arakaki
 
ALTITUDE 2019 | Enabling Productivity with Agile Security
ALTITUDE 2019 | Enabling Productivity with Agile SecurityALTITUDE 2019 | Enabling Productivity with Agile Security
ALTITUDE 2019 | Enabling Productivity with Agile Security
BetterCloud
 
DGIQ East 2023 AI Ethics SIG
DGIQ East 2023 AI Ethics SIGDGIQ East 2023 AI Ethics SIG
DGIQ East 2023 AI Ethics SIG
Karen Lopez
 
A Designer's Favourite Security and Privacy Features in SQL Server and Azure ...
A Designer's Favourite Security and Privacy Features in SQL Server and Azure ...A Designer's Favourite Security and Privacy Features in SQL Server and Azure ...
A Designer's Favourite Security and Privacy Features in SQL Server and Azure ...
Karen Lopez
 

Mais conteúdo relacionado

Semelhante a Designing for Data Security by Karen Lopez

Transform Banking with Big Data and Automated Machine Learning 9.12.17
Transform Banking with Big Data and Automated Machine Learning 9.12.17Transform Banking with Big Data and Automated Machine Learning 9.12.17
Transform Banking with Big Data and Automated Machine Learning 9.12.17
Cloudera, Inc.
 
How to classify documents automatically using NLP
How to classify documents automatically using NLPHow to classify documents automatically using NLP
How to classify documents automatically using NLP
Skyl.ai
 
Autonomous Security: Using Big Data, Machine Learning and AI to Fix Today's S...
Autonomous Security: Using Big Data, Machine Learning and AI to Fix Today's S...Autonomous Security: Using Big Data, Machine Learning and AI to Fix Today's S...
Autonomous Security: Using Big Data, Machine Learning and AI to Fix Today's S...
Avinash Ramineni
 
How to perform Secure Data Labeling for Machine Learning
How to perform Secure Data Labeling for Machine LearningHow to perform Secure Data Labeling for Machine Learning
How to perform Secure Data Labeling for Machine Learning
Skyl.ai
 
Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...
Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...
Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...
Stratio
 

Semelhante a Designing for Data Security by Karen Lopez (20)

Transform Banking with Big Data and Automated Machine Learning 9.12.17
Transform Banking with Big Data and Automated Machine Learning 9.12.17Transform Banking with Big Data and Automated Machine Learning 9.12.17
Transform Banking with Big Data and Automated Machine Learning 9.12.17
 
Machine Learning: Addressing the Disillusionment to Bring Actual Business Ben...
Machine Learning: Addressing the Disillusionment to Bring Actual Business Ben...Machine Learning: Addressing the Disillusionment to Bring Actual Business Ben...
Machine Learning: Addressing the Disillusionment to Bring Actual Business Ben...
 
Data Modeling for Security, Privacy and Data Protection
Data Modeling for Security, Privacy and Data ProtectionData Modeling for Security, Privacy and Data Protection
Data Modeling for Security, Privacy and Data Protection
 
Endpoint Security & Why It Matters!
Endpoint Security & Why It Matters!Endpoint Security & Why It Matters!
Endpoint Security & Why It Matters!
 
Data Science Transforming Security Operations
Data Science Transforming Security OperationsData Science Transforming Security Operations
Data Science Transforming Security Operations
 
SDD2017 - 03 Abed Ajraou - putting data science in your business a first uti...
SDD2017 - 03 Abed Ajraou - putting data science in your business a first uti...SDD2017 - 03 Abed Ajraou - putting data science in your business a first uti...
SDD2017 - 03 Abed Ajraou - putting data science in your business a first uti...
 
Securing SharePoint, OneDrive, & Teams with Sensitivity Labels
Securing SharePoint, OneDrive, & Teams with Sensitivity LabelsSecuring SharePoint, OneDrive, & Teams with Sensitivity Labels
Securing SharePoint, OneDrive, & Teams with Sensitivity Labels
 
BDA 2012 Big data why the big fuss?
BDA 2012 Big data why the big fuss?BDA 2012 Big data why the big fuss?
BDA 2012 Big data why the big fuss?
 
How to classify documents automatically using NLP
How to classify documents automatically using NLPHow to classify documents automatically using NLP
How to classify documents automatically using NLP
 
Why do most machine learning projects never make it to production
Why do most machine learning projects never make it to productionWhy do most machine learning projects never make it to production
Why do most machine learning projects never make it to production
 
Information & Cyber Security Risk
Information & Cyber Security RiskInformation & Cyber Security Risk
Information & Cyber Security Risk
 
Chanchal Chatterjee PARTNERS 2017 Oct24
Chanchal Chatterjee PARTNERS 2017 Oct24Chanchal Chatterjee PARTNERS 2017 Oct24
Chanchal Chatterjee PARTNERS 2017 Oct24
 
Autonomous Security: Using Big Data, Machine Learning and AI to Fix Today's S...
Autonomous Security: Using Big Data, Machine Learning and AI to Fix Today's S...Autonomous Security: Using Big Data, Machine Learning and AI to Fix Today's S...
Autonomous Security: Using Big Data, Machine Learning and AI to Fix Today's S...
 
Enterprise Grade Data Labeling - Design Your Ground Truth to Scale in Produ...
Enterprise Grade Data Labeling - Design Your Ground Truth to Scale in Produ... Enterprise Grade Data Labeling - Design Your Ground Truth to Scale in Produ...
Enterprise Grade Data Labeling - Design Your Ground Truth to Scale in Produ...
 
12 Steps to get Started with Cloud.pdf
12 Steps to get Started with Cloud.pdf12 Steps to get Started with Cloud.pdf
12 Steps to get Started with Cloud.pdf
 
How to perform Secure Data Labeling for Machine Learning
How to perform Secure Data Labeling for Machine LearningHow to perform Secure Data Labeling for Machine Learning
How to perform Secure Data Labeling for Machine Learning
 
Data Analytics Today - Data, Tech, and Regulation.pdf
Data Analytics Today - Data, Tech, and Regulation.pdfData Analytics Today - Data, Tech, and Regulation.pdf
Data Analytics Today - Data, Tech, and Regulation.pdf
 
Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...
Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...
Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...
 
Data Platform at Liv Up
Data Platform at Liv UpData Platform at Liv Up
Data Platform at Liv Up
 
ALTITUDE 2019 | Enabling Productivity with Agile Security
ALTITUDE 2019 | Enabling Productivity with Agile SecurityALTITUDE 2019 | Enabling Productivity with Agile Security
ALTITUDE 2019 | Enabling Productivity with Agile Security
 

Mais de Karen Lopez

DGIQ East 2023 AI Ethics SIG
DGIQ East 2023 AI Ethics SIGDGIQ East 2023 AI Ethics SIG
DGIQ East 2023 AI Ethics SIG
Karen Lopez
 
A Designer's Favourite Security and Privacy Features in SQL Server and Azure ...
A Designer's Favourite Security and Privacy Features in SQL Server and Azure ...A Designer's Favourite Security and Privacy Features in SQL Server and Azure ...
A Designer's Favourite Security and Privacy Features in SQL Server and Azure ...
Karen Lopez
 
Expert Cloud Data Backup and Recovery Best Practice.pptx
Expert Cloud Data Backup and Recovery Best Practice.pptxExpert Cloud Data Backup and Recovery Best Practice.pptx
Expert Cloud Data Backup and Recovery Best Practice.pptx
Karen Lopez
 

Mais de Karen Lopez (18)

DGIQ East 2023 AI Ethics SIG
DGIQ East 2023 AI Ethics SIGDGIQ East 2023 AI Ethics SIG
DGIQ East 2023 AI Ethics SIG
 
A Designer's Favourite Security and Privacy Features in SQL Server and Azure ...
A Designer's Favourite Security and Privacy Features in SQL Server and Azure ...A Designer's Favourite Security and Privacy Features in SQL Server and Azure ...
A Designer's Favourite Security and Privacy Features in SQL Server and Azure ...
 
Data in the Stars
Data in the StarsData in the Stars
Data in the Stars
 
Designer's Favorite New Features in SQLServer
Designer's Favorite New Features in SQLServerDesigner's Favorite New Features in SQLServer
Designer's Favorite New Features in SQLServer
 
WhoseTinklingInYourDataLake - DAMA Chicago.pdf
WhoseTinklingInYourDataLake - DAMA Chicago.pdfWhoseTinklingInYourDataLake - DAMA Chicago.pdf
WhoseTinklingInYourDataLake - DAMA Chicago.pdf
 
Expert Cloud Data Backup and Recovery Best Practice.pptx
Expert Cloud Data Backup and Recovery Best Practice.pptxExpert Cloud Data Backup and Recovery Best Practice.pptx
Expert Cloud Data Backup and Recovery Best Practice.pptx
 
Manage Your Time So It Doesn't Manage You
Manage Your Time So It Doesn't Manage YouManage Your Time So It Doesn't Manage You
Manage Your Time So It Doesn't Manage You
 
Migrating Data and Databases to Azure
Migrating Data and Databases to AzureMigrating Data and Databases to Azure
Migrating Data and Databases to Azure
 
Blockchain for the DBA and Data Professional
Blockchain for the DBA and Data ProfessionalBlockchain for the DBA and Data Professional
Blockchain for the DBA and Data Professional
 
Blockchain for the DBA and Data Professional
Blockchain for the DBA and Data ProfessionalBlockchain for the DBA and Data Professional
Blockchain for the DBA and Data Professional
 
Data Security and Protection in DevOps
Data Security and Protection in DevOps Data Security and Protection in DevOps
Data Security and Protection in DevOps
 
Fast Focus: SQL Server Graph Database & Processing
Fast Focus: SQL Server Graph Database & ProcessingFast Focus: SQL Server Graph Database & Processing
Fast Focus: SQL Server Graph Database & Processing
 
The Key to Keys - Database Design
The Key to Keys - Database DesignThe Key to Keys - Database Design
The Key to Keys - Database Design
 
How to Survive as a Data Architect in a Polyglot Database World
How to Survive as a Data Architect in a Polyglot Database WorldHow to Survive as a Data Architect in a Polyglot Database World
How to Survive as a Data Architect in a Polyglot Database World
 
Karen's Favourite Features of SQL Server 2016
Karen's Favourite Features of SQL Server 2016Karen's Favourite Features of SQL Server 2016
Karen's Favourite Features of SQL Server 2016
 
7 Databases in 70 minutes
7 Databases in 70 minutes7 Databases in 70 minutes
7 Databases in 70 minutes
 
Karen Lopez 10 Physical Data Modeling Blunders
Karen Lopez 10 Physical Data Modeling BlundersKaren Lopez 10 Physical Data Modeling Blunders
Karen Lopez 10 Physical Data Modeling Blunders
 
NoSQL and Data Modeling for Data Modelers
NoSQL and Data Modeling for Data ModelersNoSQL and Data Modeling for Data Modelers
NoSQL and Data Modeling for Data Modelers
 

Último

Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al BarshaAl Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
AroojKhan71
 
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
shivangimorya083
 
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get CytotecAbortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Riyadh +966572737505 get cytotec
 
Schema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdfSchema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdf
Lars Albertsson
 
Best VIP Call Girls Noida Sector 39 Call Me: 8448380779
Best VIP Call Girls Noida Sector 39 Call Me: 8448380779Best VIP Call Girls Noida Sector 39 Call Me: 8448380779
Best VIP Call Girls Noida Sector 39 Call Me: 8448380779
Delhi Call girls
 
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
amitlee9823
 
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 nightCheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
Delhi Call girls
 
Delhi 99530 vip 56974 Genuine Escort Service Call Girls in Kishangarh
Delhi 99530 vip 56974 Genuine Escort Service Call Girls in KishangarhDelhi 99530 vip 56974 Genuine Escort Service Call Girls in Kishangarh
Delhi 99530 vip 56974 Genuine Escort Service Call Girls in Kishangarh
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
amitlee9823
 
Vip Model Call Girls (Delhi) Karol Bagh 9711199171✔️Body to body massage wit...
Vip Model Call Girls (Delhi) Karol Bagh 9711199171✔️Body to body massage wit...Vip Model Call Girls (Delhi) Karol Bagh 9711199171✔️Body to body massage wit...
Vip Model Call Girls (Delhi) Karol Bagh 9711199171✔️Body to body massage wit...
shivangimorya083
 

Último (20)

BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptxBPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
 
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al BarshaAl Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
 
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
BabyOno dropshipping via API with DroFx.pptx
BabyOno dropshipping via API with DroFx.pptxBabyOno dropshipping via API with DroFx.pptx
BabyOno dropshipping via API with DroFx.pptx
 
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get CytotecAbortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
 
Schema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdfSchema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdf
 
Best VIP Call Girls Noida Sector 39 Call Me: 8448380779
Best VIP Call Girls Noida Sector 39 Call Me: 8448380779Best VIP Call Girls Noida Sector 39 Call Me: 8448380779
Best VIP Call Girls Noida Sector 39 Call Me: 8448380779
 
Halmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFxHalmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFx
 
BigBuy dropshipping via API with DroFx.pptx
BigBuy dropshipping via API with DroFx.pptxBigBuy dropshipping via API with DroFx.pptx
BigBuy dropshipping via API with DroFx.pptx
 
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
 
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 nightCheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
 
Ravak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptxRavak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptx
 
April 2024 - Crypto Market Report's Analysis
April 2024 - Crypto Market Report's AnalysisApril 2024 - Crypto Market Report's Analysis
April 2024 - Crypto Market Report's Analysis
 
Delhi 99530 vip 56974 Genuine Escort Service Call Girls in Kishangarh
Delhi 99530 vip 56974 Genuine Escort Service Call Girls in KishangarhDelhi 99530 vip 56974 Genuine Escort Service Call Girls in Kishangarh
Delhi 99530 vip 56974 Genuine Escort Service Call Girls in Kishangarh
 
Accredited-Transport-Cooperatives-Jan-2021-Web.pdf
Accredited-Transport-Cooperatives-Jan-2021-Web.pdfAccredited-Transport-Cooperatives-Jan-2021-Web.pdf
Accredited-Transport-Cooperatives-Jan-2021-Web.pdf
 
Midocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFxMidocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFx
 
Introduction-to-Machine-Learning (1).pptx
Introduction-to-Machine-Learning (1).pptxIntroduction-to-Machine-Learning (1).pptx
Introduction-to-Machine-Learning (1).pptx
 
Discover Why Less is More in B2B Research
Discover Why Less is More in B2B ResearchDiscover Why Less is More in B2B Research
Discover Why Less is More in B2B Research
 
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
 
Vip Model Call Girls (Delhi) Karol Bagh 9711199171✔️Body to body massage wit...
Vip Model Call Girls (Delhi) Karol Bagh 9711199171✔️Body to body massage wit...Vip Model Call Girls (Delhi) Karol Bagh 9711199171✔️Body to body massage wit...
Vip Model Call Girls (Delhi) Karol Bagh 9711199171✔️Body to body massage wit...
 

Designing for Data Security by Karen Lopez

  • 1. Designing For Data Security Karen Lopez, InfoAdvisors www.datamodel.com
  • 4. “Every design decision comes down to cost, benefit and risk.” - Karen Lopez
  • 5. Mandatory Slide Ones and zeros … With a HAND!
  • 6.
  • 7.
  • 8.  Day one  Collaborative  Responsible  Compliant  Required  Governed Security & Privacy by Design
  • 9. Ready for 25 May? How can we get started? Can you help us get certified? Do you have software for this? Do you have a couple of weeks to help us get this done?
  • 10.  No Methodology  No Models  Misfocused Management  No Measurement  Too Much Madness How Does this happen?
  • 11.  Methodology  Models  Management  Measurement  Madness How Do We Mitigate?
  • 12. Security at the data level Models capture security & privacy requirements Management reports of reviews Measurement In other words, Governance Methodology?
  • 13.
  • 14.
  • 15. Data Quality is Also Data Protection
  • 16.
  • 17.
  • 18.
  • 19. Security & Privacy in the DB and Data Models
  • 20. Obligatory Hacker in a Hoodie Photo….
  • 22. Why would a DB Designer love it? Always Encrypted, yup Allows designers to not only specify which columns need to be protected, but how Parameters are encrypted as well Built in to the engine, easier for Devs
  • 24. Privacy -Dynamic Data Masking CREATE TABLE Membership( MemberID int IDENTITY PRIMARY KEY, FirstName varchar(100) MASKED WITH (FUNCTION = 'partial(1,"XXXXXXX",0)') NULL, LastName varchar(100) NOT NULL, Phone# varchar(12) MASKED WITH (FUNCTION = 'default()') NULL, Email varchar(100) MASKED WITH (FUNCTION = 'email()') NULL); INSERT Membership (FirstName, LastName, Phone#, Email) VALUES ('Roberto', 'Tamburello', '555.123.4567', 'RTamburello@contoso.com'), ('Janice', 'Galvin', '555.123.4568', 'JGalvin@contoso.com.co'), ('Zheng', 'Mu', '555.123.4569', 'ZMu@contoso.net');
  • 25. Why would a Data Designer love it? Allows central, reusable design for standard masking Offers more reliable masking and more usable masking Removes whining about “we can do that later”
  • 26. Security – Row Level Security
  • 27. Why would a Data Designer love it? Allows a designer to do this sort of data protection IN THE DATABASE, not just rely on code. Many, many pieces of code.
  • 31.
  • 32.
  • 33. What should we STOP doing? Nobody ever talks about this….
  • 34.
  • 35. SQL Injection  WE ARE STILL DOING THIS!  IT’S STILL THE #1 (but unsecured storage is getting more popular)  TEST. TEST SOME MORE  Automated Testing  Governance is important
  • 37. Test Data Bad Restoring Production to Development Restoring Production, with Masking Restoring Production, with Randomizing Restoring Production…anywhere Better Design Test Data Lorem Ipsum for Data Really, Design Test Data
  • 38. Only Generalists No other profession uses this approach. The Body of Knowledge and the Required skillsets in IT and IS is too broad and changes to rapidly.
  • 39. Trusting good people Good people don’t always stay that way People mess up Monitoring Checking Automatic alerting
  • 40.
  • 41. What Skills Do Data Professionals Need for Data Protection? No one ever talks about this….
  • 42. RO I
  • 43. Data Protection and Security Level: Active Skills  Security Requirements  Security Techniques  Where to apply them  Whose Job is it?  Security testing & Validation  Security By Design  Data Governance
  • 44. Big Data and Analytics Level: Literacy and Hands On Why: These new technologies and techniques are making it mainstream in most shops, whether they are installed or software as a service. Plus, we need to use them on our own data Who: All IT roles, especially data stewarding ones.
  • 45. Literacy with Deep Learning, AI, Machine Learning Level: Literacy +++  How are they used?  What are the real life uses today?  Future uses  Privacy and Security requirements  Compliance trade-offs  Employee Monitoring
  • 46. Data Quality & Reliability Level: Active Skills  Is the data right?  Is it current?  Should it be there at all?  Do we Know where it came from?  Do we know it was calculated correctly?  Are there any know anomalies?
  • 47. How can we do all this? Cloud Services are a fantastic way to learn and get hands on skills. Online Tutorials are often free and self guided Learn from Experts & Case Studies Deprioritize tasks that are really just being done for tradition Hire help Automate away some tasks to make more time
  • 48.
  • 49. One more time… Every Design Decision must be based on Cost, Benefit and Risk www.datamodel.com
  • 50. Thank you! Go out and be great…and secure. Karen Lopez - @DataChick

Notas do Editor

  1. Karen
  2. Karen
  3. Karen
  4. Karen
  5. Karen