Security of IoT Data: Implementing Data-Centric Security and User Access Strategy
© 2017 BLUETALON, INC. ALL RIGHTS RESERVED.
2.
Outline
• Introduction and Context
– Key requirements for data security in Predix
– Managing data rights across platforms
• Principles applied (BlueTalon + Predix Team)
1. Bring business context to policies
2. Distribute enforcement, centralize policy decisions
3. Get visibility over data activities and actions requested
• How BlueTalon Works
3.
Predix: PaaS for the Industrial Internet
4.
Security within PaaS for the Industrial Internet
Layers (diagram): Data, Network, Application, Endpoint, IaaS
Controls (diagram): Authorization, Encryption, Authentication, Auditing, Masking
5.
BlueTalon: Data-Centric Security on Predix PaaS
Diagram: cloud management, edge enforcement
6.
BlueTalon: Data-Centric Security Across Data Platforms
• Security applied one system at a time
– Inconsistency, duplication, chaos
• Security applied with a central policy
– Consistency, efficiency, simplicity
7.
Security and Regulatory Trends that Affect Industrial Businesses
Enforcement is on the Rise
Criminal fines for EAR violations increased by more than 5,000% year over year in 2014, and administrative penalties by almost 1,000% (Source: US DOC BIS)
ITAR violation risks
• Significant accrual of fines
• Denial of export privileges
• Mandatory increase in staffing
• Regular external audits
• Loss of, or completely damaged, public reputation
Fines are Higher
Due to Facebook European privacy violations and NSA practices, on Oct 6, 2015 the European Court of Justice declared Safe Harbor invalid
Facebook is facing daily fines of €250,000 in Belgium after a data protection court ruling for illegally tracking data from non-members
Data Breaches Affect the Bottom Line
Results of the 2013 data breach
• CEO steps down
• 46% drop in profits due to reputational damage, with a $1.47 negative effect on EPS
• $100M cost to upgrade affected systems
• 2014 SEC filing: total expenses $252M
• Ongoing settlement costs
8.
Data Security Requirements in Predix
1. Data owners and regulatory entities define policies of use
- Definition of policies must be owned by business stakeholders
2. Automated enforcement of policies across data platforms
- Policies managed by business owners must be enforceable independent of the data platform
- Enforcement of these policies must be demonstrable to auditors
- Enforcement must be distributed and consistent
3. Preserving the end-user experience is paramount
- End users of the data must be able to use any tool they want
- Policy management processes and applications must be focused on business users
10.
[1] Policies are Defined by Business within a Context
“Patient information and exams are sensitive data”
“Our contracts prohibit the use of machine diagnostics data to redesign products”
“Service managers should be able to see only their fleet data”
11.
[1] Policies Applied at the Data Layer Enable Business
Diagram: Blocking vs. Enabling
“Patient information and exams are sensitive data”
“Our contracts prohibit the use of customer data outside the west coast”
12.
[1] Controlling Access for Different Users & Needs
Row filtering
Field level
Cell level
Sub-cell level masking
Scenario (diagram): Joyce looks up her data; her manager looks up Joyce’s data
13.
[1] Example of Controls Directly Applied On Data
• Access to a client account is conditional, based on zipcode
• Data is partially masked
Diagram: rules on data, and the resulting output
14.
[1] Attributes Bring Context to Policies
User: type, location, title / role, group, function, clearance level, LOB
User session: location, timestamp, application, connection type
Data: sensitivity, clearance required, action requested, # of rows returned, data source
• Context helps assess whether the data request is legitimate
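The decision and the four controls on slides 12 to 14 (row filtering, field-level, cell-level and sub-cell masking, with access conditional on zipcode and the decision driven by user, session and data attributes), written out as an added example in Python. This is illustrative code, not BlueTalon's or Predix's; the column sensitivities, policy names, roles and account records are assumptions made for the example.

```python
"""Attribute-driven decision and data-layer controls.

Added example, not BlueTalon or Predix code. It models the controls named
on the slides (row filtering, field-level, cell-level and sub-cell masking)
and the zipcode-conditional access rule, with the decision driven by user,
session and data attributes. Policy names, column sensitivities and the
account records are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Callable

# Data attributes: the clearance each column requires (0 = public).
COLUMN_CLEARANCE = {"account_id": 0, "owner": 0, "zipcode": 0,
                    "balance": 1, "ssn": 2, "diagnosis": 3}

# Constructed client-account records.
ACCOUNTS = [
    {"account_id": 1001, "owner": "joyce", "zipcode": "94105",
     "balance": 2500.0, "ssn": "123-45-6789", "diagnosis": "none"},
    {"account_id": 1002, "owner": "raj", "zipcode": "94107",
     "balance": 980.5, "ssn": "987-65-4321", "diagnosis": "asthma"},
    {"account_id": 1003, "owner": "lena", "zipcode": "10001",
     "balance": 15300.0, "ssn": "555-12-3456", "diagnosis": "none"},
]


@dataclass
class Context:
    """User and session attributes attached to one request."""
    user: str
    role: str               # account_owner | service_manager | data_steward
    clearance: int
    service_zipcodes: set   # territory of a service manager (fleet scope)
    connection: str         # session attribute: corporate | public
    action: str = "read"


def allow_all(ctx, row):
    return True


@dataclass
class Decision:
    allowed: bool
    policies: list                                      # what fired, for audit
    row_filter: Callable = allow_all                    # row filtering
    dropped_columns: set = field(default_factory=set)   # field-level
    cell_masks: dict = field(default_factory=dict)      # cell / sub-cell


def decide(ctx: Context) -> Decision:
    """Central decision: evaluate every rule against the request context."""
    fired = []
    if ctx.connection == "public":          # session-context rule
        return Decision(False, ["P0-no-public-connection"])
    if ctx.action != "read" and ctx.role != "data_steward":
        return Decision(False, ["P1-read-only"])

    d = Decision(True, fired)
    # Row filtering: owners see their own rows; service managers only the
    # accounts in their territory (access conditional on zipcode); stewards all.
    if ctx.role == "account_owner":
        fired.append("P2-own-rows-only")
        d.row_filter = lambda c, r: r["owner"] == c.user
    elif ctx.role == "service_manager":
        fired.append("P3-territory-zipcodes")
        d.row_filter = lambda c, r: r["zipcode"] in c.service_zipcodes
    # Field-level: drop columns whose required clearance exceeds the user's.
    d.dropped_columns = {col for col, need in COLUMN_CLEARANCE.items()
                         if need > ctx.clearance}
    if d.dropped_columns:
        fired.append("P4-clearance-columns")
    # Cell-level: balance visible only on the requester's own rows unless
    # data steward. Sub-cell: SSN reduced to its last four digits on anyone
    # else's row.
    d.cell_masks = {
        "balance": lambda c, r, v: v if (r["owner"] == c.user
                                         or c.role == "data_steward") else None,
        "ssn": lambda c, r, v: v if r["owner"] == c.user else "***-**-" + v[-4:],
    }
    fired.append("P5-mask-others-pii")
    return d


def enforce(ctx: Context, d: Decision, rows):
    """Apply the decision to a result set at the data layer."""
    if not d.allowed:
        return []
    out = []
    for row in rows:
        if not d.row_filter(ctx, row):
            continue
        kept = {}
        for col, val in row.items():
            if col in d.dropped_columns:
                continue
            mask = d.cell_masks.get(col)
            kept[col] = mask(ctx, row, val) if mask else val
        out.append(kept)
    return out


def lookup(ctx: Context, rows=ACCOUNTS):
    d = decide(ctx)
    return d, enforce(ctx, d, rows)


if __name__ == "__main__":
    joyce = Context("joyce", "account_owner", 2, set(), "corporate")
    manager = Context("mark", "service_manager", 1, {"94105", "94107"}, "corporate")
    for who in (joyce, manager):
        d, rows = lookup(who)
        print(who.user, d.policies, rows)
```

Joyce sees her own row with the full SSN but no diagnosis column (clearance 2 against a column that needs 3); her manager sees both accounts in his territory with the balance blanked and the SSN column removed entirely. The `policies` list on the decision is what a later audit record would carry as "what policy was triggered".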
16.
[2] Why Centralize Policy Decisions and Distribute Enforcement?
• IoT platforms and Predix are hybrid environments (cloud and on-prem) that make use of multiple modern data management platforms:
– RDBMS
– Hadoop
– Spark
– Cassandra
– Cloud repositories
17.
[2] Centralize Decisions to Manage Policies from One Place
Authorization — what a user or a role can do with the data
Decision — against all rules, can a user see a data element
Enforcement — apply the decision at the time of the user’s request
18.
Example from Spark on Edge with BlueTalon on Predix
20.
[3] Visibility Leverages the Same Enforcement Points
21.
Visibility into Data Activity
• Complete audit trail of data usage with contextual information
• Key to detection of unusual data access patterns
• Tracks policy changes to ensure compliance
Audit record contents (diagram): what policy was triggered; original and modified queries; what they tried to do
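The "detection of unusual data access patterns" and "tracks policy changes" bullets, made concrete as an added Python example that runs three checks over an enforcement-point audit trail. This is not BlueTalon's or Predix's code or log format; the record fields (`event`, `allowed`, `policy`, `columns`, `rows`), the sample events and the thresholds are assumptions, and the audit lines are constructed.

```python
"""Detection logic over an enforcement-point audit trail.

Added example, not BlueTalon or Predix code. It runs three checks over
constructed audit lines shaped like the records the slide describes
(which policy was triggered, what the user tried to do, how many rows
came back, policy changes): clustered denials, row-count outliers, and a
policy change by an admin who then queries the affected column. Field
names, the sample events and the thresholds are assumptions.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Constructed audit trail, one JSON record per line.
AUDIT_LINES = """\
{"ts": "2017-03-01T09:00:01Z", "event": "query", "user": "mark", "allowed": true, "policy": "row-rule:service_manager", "columns": ["account_id", "balance"], "rows": 120}
{"ts": "2017-03-01T09:05:10Z", "event": "query", "user": "mark", "allowed": true, "policy": "row-rule:service_manager", "columns": ["account_id", "balance"], "rows": 118}
{"ts": "2017-03-01T09:20:44Z", "event": "query", "user": "mark", "allowed": true, "policy": "row-rule:service_manager", "columns": ["account_id"], "rows": 125}
{"ts": "2017-03-01T22:11:02Z", "event": "query", "user": "mark", "allowed": true, "policy": "row-rule:service_manager", "columns": ["account_id", "balance"], "rows": 2400}
{"ts": "2017-03-01T10:00:00Z", "event": "query", "user": "raj", "allowed": false, "policy": "column-clearance", "columns": ["ssn"], "rows": 0}
{"ts": "2017-03-01T10:00:30Z", "event": "query", "user": "raj", "allowed": false, "policy": "column-clearance", "columns": ["diagnosis"], "rows": 0}
{"ts": "2017-03-01T10:01:15Z", "event": "query", "user": "raj", "allowed": false, "policy": "column-clearance", "columns": ["ssn", "balance"], "rows": 0}
{"ts": "2017-03-01T11:00:00Z", "event": "policy_change", "user": "admin1", "policy": "column-clearance", "column": "ssn", "old": 2, "new": 0}
{"ts": "2017-03-01T11:07:00Z", "event": "query", "user": "admin1", "allowed": true, "policy": "row-rule:data_steward", "columns": ["ssn"], "rows": 3}
"""


def parse(lines=AUDIT_LINES):
    """Parse the JSON lines and order them by time."""
    recs = [json.loads(line) for line in lines.splitlines() if line.strip()]
    for r in recs:
        r["ts"] = datetime.strptime(r["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return sorted(recs, key=lambda r: r["ts"])


def repeated_denials(recs, window=timedelta(minutes=10), threshold=3):
    """Users whose denied requests cluster: probing for data they cannot see.

    Returns {user: sorted columns they tried to read} for each hit.
    """
    by_user = defaultdict(list)
    for r in recs:
        if r["event"] == "query" and not r["allowed"]:
            by_user[r["user"]].append(r)
    hits = {}
    for user, denials in by_user.items():
        for i, first in enumerate(denials):
            run = [d for d in denials[i:] if d["ts"] - first["ts"] <= window]
            if len(run) >= threshold:
                hits[user] = sorted({c for d in run for c in d["columns"]})
                break
    return hits


def volume_outliers(recs, factor=5, min_history=3):
    """Allowed queries that returned far more rows than the user's own median."""
    per_user = defaultdict(list)
    for r in recs:
        if r["event"] == "query" and r["allowed"]:
            per_user[r["user"]].append(r)
    flagged = []
    for user, qs in per_user.items():
        if len(qs) < min_history:
            continue                       # no usable baseline yet
        base = median(q["rows"] for q in qs)
        flagged += [(user, q["ts"].isoformat(), q["rows"])
                    for q in qs if q["rows"] > factor * base]
    return flagged


def self_serving_policy_changes(recs, window=timedelta(hours=1)):
    """Policy changed by an admin who then reads the affected column."""
    out = []
    for ch in (r for r in recs if r["event"] == "policy_change"):
        later = [r for r in recs
                 if r["event"] == "query" and r["allowed"]
                 and r["user"] == ch["user"] and ch["column"] in r["columns"]
                 and timedelta(0) <= r["ts"] - ch["ts"] <= window]
        if later:
            out.append((ch["user"], ch["policy"], ch["column"], len(later)))
    return out


def run_all(lines=AUDIT_LINES):
    recs = parse(lines)
    return {"repeated_denials": repeated_denials(recs),
            "volume_outliers": volume_outliers(recs),
            "self_serving_policy_changes": self_serving_policy_changes(recs)}


if __name__ == "__main__":
    for name, result in run_all().items():
        print(name, result)
```

The median is used as the per-user baseline deliberately: the 2,400-row pull is part of mark's own history, and a mean would let the outlier inflate its own threshold. The third check is the segregation-of-duties case that "tracks policy changes" is meant to catch: the enforcement point allowed the query, so only the audit trail reveals that the person who relaxed the rule was the one who benefited.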
22.
Feedback Loop with Visibility and Control
Diagram: Data, Visibility, Control
23.
Examples of Data Security Visibility Reports
25.
How BlueTalon Delivers Data-Centric Security
Diagram: business users, data scientists and developers use any application; their requests pass through BlueTalon Enforcement Points to the data repositories (Hadoop, RDBMS, Cloud, Spark, NoSQL). Security admins manage the BlueTalon Policy Engine and the BlueTalon Audit Engine.
26.
High Performance with BlueTalon
Single-digit (<3%) overhead, unnoticeable by end users.
Files (1 TB, minutes; tested in EMC lab):
Benchmark    Without BlueTalon    With BlueTalon
Teragen      6.9                  7.03
Terasort     125.55               124.98
Queries: tested on GE Predix platform.
The Teragen delta (about 2%) is the measurable overhead; the Terasort run with BlueTalon finished slightly faster, a difference within normal run-to-run variation for a 1 TB sort.
27.
How BlueTalon Works
Components in the diagram: Security Admins, BlueTalon Policy Console, BlueTalon Policy Engine, Active Directory, BlueTalon Enforcement Points, BlueTalon Auditing, the applications used by business users, data scientists and developers, and the data repositories.
Request flow (numbered in the diagram):
1. Security admins define policies in the BlueTalon Policy Console.
2. A user's application issues a request, which reaches a BlueTalon Enforcement Point.
3. The enforcement point submits the user request to the BlueTalon Policy Engine for a decision; Active Directory supplies the user's identity attributes.
4. The enforcement point sends a modified, compliant request to the data repository.
5. Compliant results are returned to the application.
6. The request, decision and results are recorded by BlueTalon Auditing for review by security admins.
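The six-step flow above, as an added Python example of an enforcement point (PEP) in front of a SQL store with a central policy engine (PDP) behind it. This is illustrative code, not BlueTalon's or Predix's; sqlite3 stands in for the data repository, a dictionary stands in for Active Directory, and the policy set, table, rows and the `pdp_decide`/`pep_query` names are assumptions. Unlike the data-layer example earlier, which filters and masks a result set after the fact, this one rewrites the request itself, so the repository only ever sees the compliant query.

```python
"""Enforcement point (PEP) and central policy engine (PDP) over a SQL store.

Added example, not BlueTalon or Predix code. It walks the six numbered steps
of the slide: (1) policies published from the console, (2) a user request
reaching an enforcement point, (3) the enforcement point asking the policy
engine, which reads user attributes from a directory, (4) a modified,
compliant request sent to the repository, (5) compliant results returned,
(6) the whole exchange audited. sqlite3 stands in for the data repository;
the directory, policies, table and rows are constructed for illustration.
"""
import sqlite3
from datetime import datetime, timezone

# Step 1: the policy set, as published from a (hypothetical) policy console.
POLICIES = {
    "column_clearance": {"balance": 1, "ssn": 2, "diagnosis": 3},
    # Sub-cell masking as a SQL expression the enforcement point substitutes.
    "masks": {"ssn": "'***-**-' || substr(ssn, -4)"},
    # Row filter per role; the policy engine binds the parameters.
    "row_rules": {"account_owner": "owner = :user",
                  "service_manager": "zipcode IN ({})"},
}
# User attributes as a directory such as Active Directory would return them.
DIRECTORY = {
    "joyce": {"role": "account_owner", "clearance": 2, "zipcodes": []},
    "mark": {"role": "service_manager", "clearance": 1,
             "zipcodes": ["94105", "94107"]},
    "sam": {"role": "data_steward", "clearance": 3, "zipcodes": []},
}
AUDIT_TRAIL = []


def pdp_decide(user, columns):
    """Step 3: central decision. Returns a deny, or predicate plus masks."""
    attrs = DIRECTORY[user]
    over = [c for c in columns
            if POLICIES["column_clearance"].get(c, 0) > attrs["clearance"]]
    if over:
        return {"allow": False, "policy": "column-clearance", "detail": over}
    params = {"user": user}
    rule = POLICIES["row_rules"].get(attrs["role"], "1 = 1")
    if attrs["role"] == "service_manager":
        zips = attrs["zipcodes"]
        params.update({f"z{i}": z for i, z in enumerate(zips)})
        rule = rule.format(", ".join(f":z{i}" for i in range(len(zips))) or "NULL")
    masks = {c: POLICIES["masks"][c] for c in columns if c in POLICIES["masks"]}
    return {"allow": True, "policy": f"row-rule:{attrs['role']}",
            "predicate": rule, "params": params, "masks": masks}


def pep_query(conn, user, columns, table="accounts", filters=None):
    """Steps 2, 4, 5, 6: rewrite a structured request, run it, audit it.

    The request arrives as a column list, table and equality filters rather
    than raw SQL, so identifiers can be validated and values bound as
    parameters; a production enforcement point parses the statement instead.
    """
    filters = filters or {}
    names = list(columns) + [table] + list(filters)
    if not all(isinstance(n, str) and n.isidentifier() for n in names):
        raise ValueError("identifiers only")
    caller = [f"{c} = :f_{c}" for c in filters]
    original = f"SELECT {', '.join(columns)} FROM {table}" + \
               (f" WHERE {' AND '.join(caller)}" if caller else "")
    decision = pdp_decide(user, columns)                          # step 3
    rows, modified = [], None
    if decision["allow"]:
        select = ", ".join(f"{decision['masks'][c]} AS {c}"
                           if c in decision["masks"] else c for c in columns)
        preds = [f"({p})" for p in caller] + [f"({decision['predicate']})"]
        modified = (f"SELECT {select} FROM {table} "
                    f"WHERE {' AND '.join(preds)} ORDER BY 1")      # step 4
        params = {**decision["params"],
                  **{f"f_{c}": v for c, v in filters.items()}}
        rows = conn.execute(modified, params).fetchall()            # step 5
    AUDIT_TRAIL.append({                                             # step 6
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": user, "role": DIRECTORY[user]["role"],
        "allowed": decision["allow"], "policy": decision["policy"],
        "tried": decision.get("detail"),
        "original": original, "modified": modified,
        "rows_returned": len(rows),
    })
    return rows


def setup_repository():
    """Constructed data repository (in-memory sqlite)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (account_id INTEGER, owner TEXT, "
                 "zipcode TEXT, balance REAL, ssn TEXT, diagnosis TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?, ?, ?, ?)", [
        (1001, "joyce", "94105", 2500.0, "123-45-6789", "none"),
        (1002, "raj", "94107", 980.5, "987-65-4321", "asthma"),
        (1003, "lena", "10001", 15300.0, "555-12-3456", "none"),
    ])
    return conn


if __name__ == "__main__":
    db = setup_repository()
    print(pep_query(db, "mark", ["account_id", "zipcode", "balance"]))
    print(pep_query(db, "mark", ["account_id", "ssn"]))        # denied
    print(pep_query(db, "joyce", ["account_id", "ssn"]))       # masked
    for rec in AUDIT_TRAIL:
        print(rec["user"], rec["policy"], rec["modified"])
```

Every audit record carries the original and the modified query plus `tried` (the columns a denied request asked for), which is exactly the trio the visibility slide lists. The predicate and the mask are data-store specific SQL fragments; distributing enforcement means each enforcement point translates the same central decision into its own platform's dialect.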
29.
“Organizations expecting to implement big data projects should consider BlueTalon wherever sensitive data is or may be exposed.”
Merv Adrian, Gartner Group, “Cool Vendors in DBMS”, 2016
30.
Contact us today!
• What’s your use case?
– Contact us today at 1-888-534-7154 or info@bluetalon.com
• Download BlueTalon today!
• http://pages.bluetalon-security.com/SecureAccess-for-WebHDFS
Editor's Notes
Characteristics of Predix that inform security decisions:
- Multiple data and analytics platforms provided as a single service
- Each service contains data storage and analytics tools, integrated seamlessly
- Diverse user population with different needs
- Differentiated access to a variety of data elements at any level
- Highly regulated industrial data
- Security controls need to accommodate a variety of regulations