1
New Enterprise Application and
Data Security Challenges and
Solutions
Ulf Mattsson
www.TokenEx.com
2
Ulf Mattsson, BIO
+ Mr. Mattsson is currently the Head of Innovation at TokenEx, a cloud-based data security company, was previously Chief Technology Officer at Atlantic BT Security Solutions, and earlier Chief Technology Officer at Compliance Engineering. He was the Chief Technology Officer and a technology founder of Protegrity.
+ Prior to Protegrity, he worked 20 years at IBM's Research and Development organization, in the areas of Application and Database Security. He also worked at companies providing Data Discovery Services, Cloud Application Security Brokers, Web Application Firewalls, Managed Security Services, Security Operation Centers, and Cybersecurity consulting.
+ Mr. Mattsson is an inventor on 73 awarded and issued US patents.
+ He delivered joint Application and Data Protection products and development teams at IBM, Microsoft, Hewlett-Packard, Oracle, Teradata, and RSA Security (Dell). Mr. Mattsson also advises companies in the areas of AI, Machine Learning and Quantum Computing technologies.
+ Mr. Mattsson also owns and manages the BrightTALK "Cybersecurity - The No Spin Zone" and "The Blockchain Channel."
3
*: By 2023, 20% of organizations will be budgeting for quantum computing projects, compared to less than 1% in 2018 (Gartner).
4
Web Application
Security is Needed
Source: Verizon 2018 Data Breach Investigations Report
5
Application
Security
6
Data Security Context
(Figure: the slide stacks External Network, Internal Network, the Application Server with its Operating System Security Controls, OS File System, Database, Application Framework and Application Source Code, and finally the Data itself. The data security context is labelled Low at the Network end and High at the Application and Data end: the closer a control sits to the data, the more context it has about who is using which field for what.)
7
Integration of
Security into
Application
Development
8
SecDevOps vs DevSecOps
SecDevOps (Securing DevOps)
1. Embed security into the DevOps style of operation
2. Ensure a "secure by design" discipline in the software delivery methodology, using techniques such as automated security review of code and automated application security testing
DevSecOps (Applying DevOps to Security Operations)
1. Develop and deploy a series of minimum viable products for security programs
2. For example, when implementing security log monitoring, rather than running one very large, high-value program with a waterfall plan to design, implement and test a SIEM that monitors a large number of log sources all at once,
3. onboard small sets of sources onto a cloud-based platform and evolve the monitoring capability step by step
Source: Capgemini
Note that these are Capgemini's definitions; much of the industry uses "DevSecOps" for what is called "SecDevOps" here (embedding security into the DevOps pipeline), so confirm which meaning a vendor or team intends before comparing programs.
9
Security Controls Must Be Programmable and Automated Wherever Possible
Source: Gartner
10
Security Tools for DevOps
• Static Application Security Testing (SAST)
• Dynamic Application Security Testing (DAST)
• Fuzz testing (essentially throwing lots of random garbage at the application's inputs and watching for crashes)
• Vulnerability Analysis
• Runtime Application Self Protection (RASP)
• Interactive Application Security Testing (IAST)
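As an added example (not from the slides), the following Python shows what "throwing lots of random garbage" looks like in practice: a dumb mutation fuzzer driving a deliberately fragile record parser. The parser, the `LEN:PAYLOAD!` record format, the seed input and the function names are constructed for this example. The parser's own `ValueError` rejections are expected behaviour and are filtered out; the `IndexError` it also raises is the bug (a missing bounds check) that the fuzzer is meant to surface. A production setup would use a coverage-guided fuzzer such as AFL or libFuzzer rather than blind mutation.

```python
import random


def parse_record(data: bytes) -> dict:
    """Parse the toy record format  LEN:PAYLOAD!  (constructed for this example).

    LEN is a decimal length, PAYLOAD is LEN raw bytes and '!' must follow it.
    The missing bounds check before body[length] is the intentional fuzz target.
    """
    head, sep, body = data.partition(b":")
    if not sep:
        raise ValueError("missing ':' separator")
    length = int(head)                          # ValueError on a non-numeric length (expected)
    payload = body[:length]
    if body[length] != ord("!"):                # IndexError when body is shorter than LEN+1 (bug)
        raise ValueError("missing '!' terminator")
    return {"length": length, "payload": payload, "checksum": sum(payload) % 256}


INTERESTING = [b"0", b"-1", b"99999", b":", b"!", b"\x00", b"\xff"]


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one to four random mutations: bit flip, byte insert, byte delete, token splice."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, 4)):
        op = rng.randrange(4)
        if op == 0 and buf:                                  # flip one bit
            i = rng.randrange(len(buf))
            buf[i] ^= 1 << rng.randrange(8)
        elif op == 1:                                        # insert a random byte
            buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
        elif op == 2 and buf:                                # delete one byte
            del buf[rng.randrange(len(buf))]
        else:                                                # splice in an interesting token
            pos = rng.randrange(len(buf) + 1)
            buf[pos:pos] = rng.choice(INTERESTING)
    return bytes(buf)


def fuzz(target, seeds, iterations: int, seed: int = 1, expected=(ValueError,)) -> dict:
    """Mutation fuzzer: returns {exception class name: first input that raised it}.

    Exceptions listed in `expected` are the target's documented rejections and are
    ignored; anything else is a finding. Inputs the target accepts join the corpus
    so later mutations build on them (a real fuzzer would use coverage feedback).
    """
    rng = random.Random(seed)
    corpus = list(seeds)
    findings = {}
    for _ in range(iterations):
        candidate = mutate(rng.choice(corpus), rng)
        try:
            target(candidate)
        except expected:
            continue
        except Exception as exc:                 # any unexpected exception is a finding
            findings.setdefault(type(exc).__name__, candidate)
        else:
            if len(corpus) < 256 and candidate not in corpus:
                corpus.append(candidate)
    return findings


def reproduce(target, sample: bytes):
    """Re-run one finding and report the exception class name, or None if it parses."""
    try:
        target(sample)
    except Exception as exc:
        return type(exc).__name__
    return None


if __name__ == "__main__":
    for name, sample in fuzz(parse_record, [b"5:hello!"], 2000).items():
        print(f"{name}: {sample!r}")
```

Each finding is stored with the exact input that triggered it, so it can be replayed as a regression test once the bounds check is added; that replay step is what turns a fuzzer crash into a durable check in the pipeline.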
16
Automating Patching of Vulnerable Open-Source Software Versions in Application Binaries
Source: Peking University, 2019
17
The API
Economy
18
The API Product Manager Sits Between API
Consumers and API Producers
Source: Gartner
19
Security for Microservices
Source: Gartner
Coding security directly into APIs has the following disadvantages:
■ Violates separation of duties.
■ Makes code more complex and fragile.
■ Adds extra maintenance burden.
■ Is unlikely to cover all aspects that are required in a full API security policy.
■ Not reusable.
■ Not visible to security teams.
20
API Security Building Blocks
Source: Gartner
21
Source: Gartner
Apply policies to APIs (for example, using an API gateway), but avoid situations where each API has a unique security policy. Instead, leverage a reusable set of policies that are applied to APIs based on their categorization. Abstract any specific API characteristics (such as URL path) from the policies themselves.
Products Delivering API Security
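To make the Gartner advice concrete, here is an added example (not from the slides or any gateway product) of a gateway policy engine in Python: a small reusable policy set keyed by API category, an API catalog that maps each registered API to a category, and an evaluator that never looks at URL paths inside a policy. The category names, the catalog entries, the request fields and the function names are all assumptions made for this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    name: str
    auth: str                      # "none", "api_key" or "oauth2"
    scopes: frozenset = frozenset()
    rate_limit_per_min: int = 0    # 0 = unlimited
    require_tls: bool = True


# Reusable policies keyed by API category (the categories are assumptions for this example).
POLICIES = {
    "public":  Policy("public",  auth="none",    rate_limit_per_min=60),
    "partner": Policy("partner", auth="api_key", rate_limit_per_min=600),
    "payment": Policy("payment", auth="oauth2",  scopes=frozenset({"payments.write"}),
                      rate_limit_per_min=300),
}

# The catalog is where an API's concrete characteristics live: the URL path is
# registration metadata, so no policy ever needs to mention it.
API_CATALOG = {
    "catalog-v1":  {"path_prefix": "/v1/catalog",  "category": "public"},
    "orders-v2":   {"path_prefix": "/v2/orders",   "category": "partner"},
    "payments-v1": {"path_prefix": "/v1/payments", "category": "payment"},
}


def route(path: str):
    """Longest-prefix match from request path to a registered API id, or None."""
    best = None
    for api_id, reg in API_CATALOG.items():
        prefix = reg["path_prefix"]
        if path == prefix or path.startswith(prefix + "/"):
            if best is None or len(prefix) > len(API_CATALOG[best]["path_prefix"]):
                best = api_id
    return best


def evaluate(request: dict, counters: dict):
    """Gateway decision for one request: returns (allowed, reason).

    `request` carries path, tls, auth_type, scopes, client_id and the current minute;
    `counters` is the gateway's per-(client, api, minute) call counter store.
    """
    api_id = route(request["path"])
    if api_id is None:
        return False, "no registered API for path"          # unregistered APIs are denied
    policy = POLICIES[API_CATALOG[api_id]["category"]]
    if policy.require_tls and not request.get("tls", False):
        return False, f"{policy.name}: TLS required"
    if policy.auth != "none" and request.get("auth_type") != policy.auth:
        return False, f"{policy.name}: {policy.auth} credential required"
    missing = policy.scopes - set(request.get("scopes", ()))
    if missing:
        return False, f"{policy.name}: missing scope(s) {sorted(missing)}"
    if policy.rate_limit_per_min:
        key = (request.get("client_id", "anonymous"), api_id, request["minute"])
        counters[key] = counters.get(key, 0) + 1
        if counters[key] > policy.rate_limit_per_min:
            return False, f"{policy.name}: rate limit exceeded"
    return True, f"{policy.name}: allowed"
```

Because the policy is selected by category, moving an API from "partner" to "payment" is a one-line catalog change that the security team can review, and the same policy text is reused by every API in that category; that is exactly the visibility and reuse that per-API hand-coded checks lack.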
22
AI-Driven Development
AI-driven development explores the evolution of tools, technologies and best practices for embedding
AI capabilities into applications. It also explores the use of AI to create AI-powered tools used in the
development process itself. This trend is evolving along three dimensions:
■ The tools used to build AI-powered solutions are expanding from tools targeting data scientists (AI
infrastructure, AI frameworks and AI platforms) to tools targeting the professional developer
community (AI platforms and AI services).
■ The tools used to build AI-powered solutions are themselves being empowered with AI-driven
capabilities that assist professional developers and automate tasks related to the development of AI-
enhanced solutions.
■ AI-enabled tools in particular are evolving from assisting and automating functions related to
application development (AD) to being enhanced with business-domain expertise and automating
activities higher on the AD process stack (from general development to business solution design).
Source: Gartner, 2018
23
Data Protection
and Privacy
Options
24
Positioning of some Encryption and Privacy Models
Source: INTERNATIONAL STANDARD ISO/IEC 20889, Privacy enhancing data de-identification terminology and classification of techniques
(Figure: the slide positions the models across four groups, de-identification techniques (DT), cryptographic tools (CT), differential privacy (DP) and formal privacy measurement models (PMM), with these notes.)
• Format Preserving Encryption (FPE): data has the same format, including the length, as the original data.
• Homomorphic Encryption (HE): two values encrypted with the same public key can be combined.
• Differential Privacy, server model: responses to queries are only able to be obtained through a software component or "middleware", known as the "curator" (the figure shows encrypted inputs flowing from the App to the Curator, with decryption on the far side; *: Example Apple).
• Differential Privacy, local model: the entity receiving the data is looking to reduce risk.
• K-anonymity model: ensures that for each combination of quasi-identifier values there is a corresponding equivalence class containing at least K records.
25
Positioning of Encryption models
Source: INTERNATIONAL STANDARD ISO/IEC 20889:2018(E), First edition 2018-11
Format Preserving Encryption (FPE)
Format-preserving encryption is designed for data that is not necessarily binary. In particular, given any finite set
of symbols, like the decimal numerals, a method for format-preserving encryption transforms data that is
formatted as a sequence of the symbols in such a way that the encrypted form of the data has the same format,
including the length, as the original data.
Homomorphic Encryption (HE)
Homomorphic encryption is a form of randomized encryption. When employed as part of a de-identification
technique, homomorphic encryption is able to be used to replace any identifying or sensitive attribute within a
data record with an encrypted value. The property of homomorphic encryption that enables the usefulness of
the de-identified data is that two values encrypted with the same public key can be combined with the
homomorphic operator of the cryptographic scheme to produce a new ciphertext representing the result of the
operation on the de-identified values.
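The combining property described above, as an added example that is not part of the slides or the ISO text: a toy Paillier cryptosystem in Python, which is additively homomorphic. Multiplying the ciphertexts of two values encrypted under the same public key gives a ciphertext of their sum, and raising a ciphertext to a constant multiplies the plaintext by that constant, so a party holding only ciphertexts can aggregate de-identified values without ever seeing them. The primes are hard-coded and far too small for real use; the class, function names and sample values are constructed for this example.

```python
import math
import secrets


class PaillierKey:
    """Toy Paillier keypair. The primes are fixed and far too small for real use;
    they are here only so the example runs instantly and offline."""

    def __init__(self, p: int = 999983, q: int = 1000003):
        self.n = p * q
        self.n2 = self.n * self.n
        self.g = self.n + 1                                        # standard choice of generator
        self.lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)     # lcm(p-1, q-1)
        self.mu = pow(self.lam, -1, self.n)                        # with g = n+1, L(g^lam mod n^2) = lam

    def encrypt(self, m: int) -> int:
        """Randomized encryption: the same m gives a different ciphertext on every call."""
        if not 0 <= m < self.n:
            raise ValueError("message out of range")
        while True:
            r = secrets.randbelow(self.n - 1) + 1
            if math.gcd(r, self.n) == 1:
                break
        return (pow(self.g, m, self.n2) * pow(r, self.n, self.n2)) % self.n2

    def decrypt(self, c: int) -> int:
        l_value = (pow(c, self.lam, self.n2) - 1) // self.n        # L(x) = (x - 1) / n
        return (l_value * self.mu) % self.n

    def add(self, c1: int, c2: int) -> int:
        """Enc(a) * Enc(b) mod n^2 is an encryption of a + b."""
        return (c1 * c2) % self.n2

    def mul_const(self, c: int, k: int) -> int:
        """Enc(a)^k mod n^2 is an encryption of k * a."""
        return pow(c, k, self.n2)


def private_sum(key: PaillierKey, values) -> int:
    """Sum values that were each encrypted separately (e.g. by different data holders)
    without decrypting any individual one; only the total is ever decrypted.
    The true total must stay below n, since arithmetic is modulo n."""
    total = key.encrypt(0)
    for v in values:
        total = key.add(total, key.encrypt(v))
    return key.decrypt(total)
```

The party doing the aggregation needs only the public key (n, g); whoever holds the private key (lam, mu) sees just the final sum. Note that Paillier supports addition and scalar multiplication only; multiplying two encrypted values requires a different (fully or somewhat) homomorphic scheme.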
Server model
Mechanisms that follow the "server model" for differential privacy typically preserve data in unmodified form in a secure database. In order to preserve privacy, responses to queries are only able to be obtained through a software component or "middleware", known as the "curator". The curator takes queries from system users, or from reporting software, obtains the correct, noise-free answer from the database, and then perturbs that answer (for example with noise calibrated to the query's sensitivity and the privacy parameter ε) before returning it, so the raw records are never exposed to the querier.
Local model
The local model is useful when the entity receiving the data is not necessarily trusted by the data principals, or if
the entity receiving the data is looking to reduce risk and practice data minimization.
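Both models side by side, as an added example in Python that is not part of the ISO text or the slides: a server-model curator that answers counting queries with Laplace noise and enforces a total privacy budget, and a local-model randomized-response function that each data principal runs before sending anything, together with the debiasing estimate the collector applies. The records, the ε values and the function names are constructed for this example.

```python
import math
import random

RECORDS = [  # constructed sample records held by the curator
    {"age": 34, "diagnosis": "Flu"}, {"age": 51, "diagnosis": "Cancer"},
    {"age": 29, "diagnosis": "Flu"}, {"age": 45, "diagnosis": "HIV"},
    {"age": 38, "diagnosis": "Flu"}, {"age": 62, "diagnosis": "Cancer"},
]


def laplace_noise(scale: float, rng: random.Random) -> float:
    """Sample Laplace(0, scale) by inverting its CDF."""
    while True:
        u = rng.random() - 0.5
        if abs(u) < 0.5:                       # rejects only the measure-zero u == -0.5
            return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


class Curator:
    """Server model: the curator holds the raw records and is the only way to query them.

    Only counting queries are offered (sensitivity 1, so Laplace scale = 1/epsilon), and
    every answer draws down a total privacy budget so the querier cannot average the
    noise away by repeating the question.
    """

    def __init__(self, records, epsilon_budget: float, seed=None):
        self._records = list(records)
        self.budget_left = epsilon_budget
        self._rng = random.Random(seed)

    def count(self, predicate, epsilon: float) -> float:
        if epsilon <= 0 or epsilon > self.budget_left:
            raise PermissionError("privacy budget exhausted")
        self.budget_left -= epsilon
        exact = sum(1 for r in self._records if predicate(r))   # noise-free, never leaves here
        return exact + laplace_noise(1.0 / epsilon, self._rng)


def try_count(curator: Curator, predicate, epsilon: float):
    """Return the noisy answer, or None once the budget refuses the query."""
    try:
        return curator.count(predicate, epsilon)
    except PermissionError:
        return None


def randomized_response(bit: int, epsilon: float, rng=None) -> int:
    """Local model: each data principal randomizes before sending anything.

    The true bit is kept with probability e^eps / (1 + e^eps); the collector sees a
    plausibly deniable answer and never the raw value.
    """
    rng = rng or random.SystemRandom()
    p_truth = math.exp(epsilon) / (1.0 + math.exp(epsilon))
    return bit if rng.random() < p_truth else 1 - bit


def estimate_true_count(responses, epsilon: float) -> float:
    """Unbiased estimate of how many principals truly hold bit 1, from randomized responses.

    P(observe 1) = p*q + (1-p)*(1-q) for true fraction q, so q = (observed - (1-p)) / (2p - 1).
    """
    n = len(responses)
    p_truth = math.exp(epsilon) / (1.0 + math.exp(epsilon))
    observed = sum(responses) / n
    return n * (observed - (1.0 - p_truth)) / (2.0 * p_truth - 1.0)
```

The server model gives more accurate answers for the same ε because noise is added once to an aggregate, but it requires trusting the curator with the raw data; the local model removes that trust requirement at the cost of much more noise per record, which is why it needs large populations to be useful.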
L-diversity
L-diversity is an enhancement to K-anonymity for datasets with poor attribute variability. It is designed to
protect against deterministic inference attempts by ensuring that each equivalence class has at least L well-
represented values for each sensitive attribute. L-diversity is not a single model but a group of models (E.7).
Each model has diversity defined slightly differently, e.g. by counting distinct values or by entropy.
T-closeness
T-closeness is an enhancement to L-diversity for datasets with attributes that are unevenly distributed, belong
to a small range of values, or are categorical. It is designed to protect against statistical inference attempts, as it
ensures that the distance between the distribution of a sensitive attribute in any equivalence class and the
distribution of the attribute in the overall dataset is less than a threshold T. This technique is useful when it is
important for the resulting dataset to remain as close as possible to the original one.
(Category labels on the slide: De-identification techniques (DT), Cryptographic tools (CT), Differential Privacy (DP), K-anonymity model, Formal privacy measurement models (PMM); from ISO/IEC 20889, Privacy enhancing data de-identification terminology and classification of techniques.)
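The three measurement models above (K-anonymity, L-diversity and T-closeness) as a checker, added here as an example and not part of the ISO text or the slides. It groups a small constructed table into equivalence classes on the quasi-identifiers, then computes k, distinct and entropy l, and t. For t it uses total variation distance between each class's distribution of the sensitive attribute and the overall distribution, which equals the earth mover's distance when every pair of categories is treated as equally far apart (an assumption of this example). The records, attribute names and function names are constructed.

```python
import math
from collections import Counter, defaultdict

RECORDS = [  # constructed table, already generalized on zip and age
    {"zip": "021**", "age": "20-29", "diagnosis": "Flu"},
    {"zip": "021**", "age": "20-29", "diagnosis": "Cancer"},
    {"zip": "021**", "age": "20-29", "diagnosis": "Flu"},
    {"zip": "022**", "age": "30-39", "diagnosis": "HIV"},
    {"zip": "022**", "age": "30-39", "diagnosis": "Cancer"},
]
QUASI_IDENTIFIERS = ("zip", "age")
SENSITIVE = "diagnosis"


def equivalence_classes(rows, qi):
    """Group rows that share the same combination of quasi-identifier values."""
    classes = defaultdict(list)
    for row in rows:
        classes[tuple(row[a] for a in qi)].append(row)
    return dict(classes)


def k_anonymity(rows, qi) -> int:
    """Smallest equivalence class: every QI combination matches at least k records."""
    return min(len(c) for c in equivalence_classes(rows, qi).values())


def distinct_l_diversity(rows, qi, sensitive) -> int:
    """Fewest distinct sensitive values in any class (the simplest L-diversity model)."""
    return min(len({r[sensitive] for r in c}) for c in equivalence_classes(rows, qi).values())


def entropy_l_diversity(rows, qi, sensitive) -> float:
    """Entropy L-diversity: exp(H) of the worst class; a class dominated by one value scores ~1."""
    worst = math.inf
    for c in equivalence_classes(rows, qi).values():
        counts = Counter(r[sensitive] for r in c)
        entropy = -sum(n / len(c) * math.log(n / len(c)) for n in counts.values())
        worst = min(worst, math.exp(entropy))
    return worst


def t_closeness(rows, qi, sensitive) -> float:
    """Largest distance between a class's sensitive-value distribution and the overall one."""
    overall = Counter(r[sensitive] for r in rows)
    worst = 0.0
    for c in equivalence_classes(rows, qi).values():
        local = Counter(r[sensitive] for r in c)
        distance = 0.5 * sum(abs(local[v] / len(c) - overall[v] / len(rows)) for v in overall)
        worst = max(worst, distance)
    return worst


def assess(rows, qi, sensitive, k: int, l: int, t: float) -> dict:
    """Release gate: does the table meet the required k, distinct l and t?"""
    return {
        "k_anonymous": k_anonymity(rows, qi) >= k,
        "l_diverse": distinct_l_diversity(rows, qi, sensitive) >= l,
        "t_close": t_closeness(rows, qi, sensitive) <= t,
    }
```

On the sample table k is 2, both classes contain two distinct diagnoses (l = 2), and the 30-39 class, which holds every HIV record, sits at a distance of 0.4 from the overall distribution; a release policy of t = 0.3 would therefore reject this table even though it is 2-anonymous and 2-diverse, which is the point of T-closeness.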
26
Multiparty Computing (MPC)
Source: Gartner, 2018
27
Secure multi-party computation (MPC) and Homomorphic encryption
28
Secure Multi-Party Computation (MPC)
Source: https://eprint.iacr.org/2018/450.pd
29
Security Metrics from DevOps
(Chart: number of vulnerabilities over time)
30
Securing Big Data - Examples of Security Agents
(Figure: a Hadoop stack of OS File System, HDFS (Hadoop Distributed File System), MapReduce (job scheduling/execution system), Pig (data flow), Hive (SQL) and Sqoop, fed by ETL tools, BI reporting and RDBMS sources. Labels: import de-identified data; export identifiable data; export audit for reporting; data protection at database, application or file level, or in a staging area. Data security agents, including encryption, tokenization or masking of fields or files (in transit and at rest), sit at these points.)
SecDevOps
31
Generating Key Security Metrics
(Chart: number of vulnerabilities over time)
32
Cloud
33
Protect Sensitive Cloud Data
(Figure: on the internal network an administrator, an internal user and a remote user reach public cloud examples through a cloud gateway, with an attacker positioned outside. Each sensitive field is protected; each authorized field is in clear. Data security agents, including encryption, tokenization or masking of fields or files (in transit and at rest), sit at the gateway.)
The issue is INTENTIONAL use of UNSANCTIONED public cloud storage for ease of use for corporate data.
34
Security Gateway Deployment – Hybrid Cloud
(Figure: a client system on the corporate network, governed by the enterprise security administrator and the security officer, reaches the private cloud, the public cloud and out-sourced environments through a cloud gateway.)
35
Security Gateway Deployment – Hybrid Cloud
(Figure: the same deployment, with the cloud gateway placed between the private cloud on the corporate side and the public cloud and out-sourced environments.)
36
Security Gateway – Searchable Encryption
(Figure: a client system on the corporate network, governed by the enterprise security administrator and the security officer, sends queries through a cloud gateway that rewrites them against an RDBMS whose data is held under order-preserving encryption.)
Order-preserving encryption leaks the relative order of the plaintexts by design, so it should be limited to the columns that genuinely need range queries in the cloud.
37
GDPR Security Requirements – Encryption and Tokenization
(Figure: Discover Data Assets, Security by Design, Encryption and Tokenization)
Source: IBM
38
Example of Cross Border Data-centric Security
(Figure: data sources across all bank entities feed a data warehouse in Italy, with complete policy-enforced de-identification of sensitive data across all bank entities.)
• Protecting Personally Identifiable Information (PII), including names, addresses, phone, email, policy and account numbers
• Compliance with EU cross-border data protection laws
• Utilizing data tokenization, with centralized policy, key management, auditing and reporting
39
Encryption &
Tokenization
40
Total Cost and Risk of Tokenization in Cloud vs On-prem
On-premise tokenization
• Limited PCI DSS scope reduction: must still maintain a CDE with PCI data
• Higher risk: sensitive data still resident in the environment
• Associated personnel and hardware costs
Cloud-based tokenization
• Significant reduction in PCI DSS scope
• Reduced risk: sensitive data removed from the environment
• Platform-focused security
• Lower associated costs: cyber insurance, PCI audit, maintenance
In either deployment, the components that receive the PAN before it is tokenized (the capture point and the call to the tokenization service) and any component able to detokenize remain in scope; the reduction applies to systems that only ever store or process tokens.
41
Quantum
Computing
42
Quantum computers will be able to instantly break the encryption of sensitive data protected by today's strongest security, warns the head of IBM Research. This could happen in a little more than five years because of advances in quantum computer technologies.
Source: IBM and ZDNet
43
Security Concerns with Quantum Encryption
Source: Quantum Computing Inc
44
Source: Gartner
Microsoft Predicts Five-year Wait for Quantum Computing in Azure
47
Quantum Computing Breaking Algorithms
Source: ANSI X9
48
Standards in
Identity
Management
49
#1 Siloed (Centralized) Identity
(Figure: YOU hold a separate ACCOUNT with each ORG directly.)
Source: Sovrin.org
50
#2 Third-Party IDP (Federated) Identity
(Figure: YOU hold an ACCOUNT with an identity provider (IDP), which the ORG relies on.)
Source: Sovrin.org
51
#3 Self-Sovereign Identity (SSI)
(Figure: YOU hold a direct CONNECTION with each PEER, anchored on a DISTRIBUTED LEDGER (BLOCKCHAIN).)
Source: Sovrin.org
The Sovrin Network is the first public-permissioned blockchain designed as a global public utility exclusively to support self-sovereign identity and verifiable claims. Recent advancements in blockchain technology now allow every public key to have its own address, which is called a decentralized identifier (DID).
52
#3 Self-Sovereign Identity (SSI)
(Figure: a DIGITAL WALLET holds CONNECTIONs to PEERs and can GET CREDENTIAL and SHOW CREDENTIAL; the stack, anchored on a DISTRIBUTED LEDGER (BLOCKCHAIN), is 1 DIDs, 2 DKMS, 3 DID AUTH, 4 Verifiable Credentials.)
Source: Sovrin.org
53
The Trust Model behind Decentralized Identity
54
Industry
Standards
55
Emerging De Jure Standards for SSI
• Verifiable Credentials
• DID Auth
• DKMS (Decentralized Key Management System)
• DID (Decentralized Identifier)
Source: Sovrin.org
56
2018 ANSI X9 STANDARD FOR FORMAT PRESERVING ENCRYPTION
• Format-preserving encryption (FPE) is useful in situations where fixed-format data, such as primary account numbers or Social Security numbers, must be protected.
• FPE limits changes to existing communication protocols, database schemata and application code, because the ciphertext fits wherever the plaintext did.
Source: Accredited Standards Committee ANSI X9
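The FPE property described in the ISO/IEC 20889 definition earlier and in the ANSI X9 slide above (ciphertext with the same symbol set and length as the plaintext), as an added example in Python that is not part of the slides, the ISO text or the ANSI standard. It is a small Feistel network over decimal digit strings with an HMAC-SHA256 round function and a tweak, built to show the format and length preservation and the round-trip; it is not the standardized FF1/FF3 construction, and the key, tweaks, sample PAN and function names are constructed for this example.

```python
import hashlib
import hmac

ROUNDS = 10


def _round_function(key: bytes, tweak: bytes, round_no: int, half: str, digits: int) -> int:
    """PRF for one Feistel round: HMAC-SHA256 over (tweak, round number, half), mod 10^digits."""
    msg = tweak + b"|" + round_no.to_bytes(1, "big") + b"|" + half.encode("ascii")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % (10 ** digits)


def _split(value: str):
    if not value.isdigit() or len(value) < 2:
        raise ValueError("need a string of at least two decimal digits")
    u = len(value) // 2                      # unbalanced split for odd lengths
    return value[:u], value[u:]


def fpe_encrypt(key: bytes, tweak: bytes, plaintext: str) -> str:
    """Encrypt a digit string to a digit string of the same length."""
    a, b = _split(plaintext)
    u, v = len(a), len(b)
    for i in range(ROUNDS):
        m = u if i % 2 == 0 else v           # width of the half being rewritten this round
        y = _round_function(key, tweak, i, b, m)
        a, b = b, str((int(a) + y) % 10 ** m).zfill(m)
    return a + b


def fpe_decrypt(key: bytes, tweak: bytes, ciphertext: str) -> str:
    """Run the rounds backwards; same key and tweak recover the plaintext."""
    a, b = _split(ciphertext)
    u, v = len(a), len(b)
    for i in reversed(range(ROUNDS)):
        m = u if i % 2 == 0 else v
        y = _round_function(key, tweak, i, a, m)
        a, b = str((int(b) - y) % 10 ** m).zfill(m), a
    return a + b


def protect_pan(key: bytes, pan: str) -> str:
    """Keep the BIN (first 6) and last 4 in clear, encrypt the digits in between.

    The clear last four are used as the tweak, so equal middles under different
    last-four values still encrypt differently.
    """
    if not pan.isdigit() or len(pan) < 12:
        raise ValueError("PAN must be at least 12 digits")
    return pan[:6] + fpe_encrypt(key, pan[-4:].encode(), pan[6:-4]) + pan[-4:]


def unprotect_pan(key: bytes, protected: str) -> str:
    return protected[:6] + fpe_decrypt(key, protected[-4:].encode(), protected[6:-4]) + protected[-4:]
```

Two things the tests make visible: the output is still all digits of the original length, which is why schemas and protocols need no change, and encryption is deterministic for a given key and tweak, so identical plaintexts produce identical ciphertexts. That determinism is what makes FPE fit existing join and lookup logic, but it also means frequency analysis is possible on low-entropy fields unless a per-record tweak is used.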
60
Thank You!
Ulf Mattsson, TokenEx
ullf@ulfmattsson.com
www.TokenEx.com
Webinar Title: New Enterprise Application and Data Security Challenges and Solutions
Webcast Live Date & Time: 10:00 am Apr 25 2019 United States - Los Angeles

New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsUlf Mattsson
 
What is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonWhat is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonUlf Mattsson
 
Protecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAProtecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAUlf Mattsson
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?Ulf Mattsson
 
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics   ulf mattsson 2020 nov 2bNov 2 security for blockchain and analytics   ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2bUlf Mattsson
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020Ulf Mattsson
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?Ulf Mattsson
 
Protecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningProtecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningUlf Mattsson
 
ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...Ulf Mattsson
 

Mais de Ulf Mattsson (20)

Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...
 
Book
BookBook
Book
 
May 6 evolving international privacy regulations and cross border data tran...
May 6   evolving international privacy regulations and cross border data tran...May 6   evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...
 
Qubit conference-new-york-2021
Qubit conference-new-york-2021Qubit conference-new-york-2021
Qubit conference-new-york-2021
 
Secure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use casesSecure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use cases
 
Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...
 
Data encryption and tokenization for international unicode
Data encryption and tokenization for international unicodeData encryption and tokenization for international unicode
Data encryption and tokenization for international unicode
 
The future of data security and blockchain
The future of data security and blockchainThe future of data security and blockchain
The future of data security and blockchain
 
New technologies for data protection
New technologies for data protectionNew technologies for data protection
New technologies for data protection
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulations
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learning
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulations
 
What is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonWhat is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS London
 
Protecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAProtecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACA
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
 
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics   ulf mattsson 2020 nov 2bNov 2 security for blockchain and analytics   ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
 
Protecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningProtecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine Learning
 
ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...
 

Último

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 

Último (20)

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 

New enterprise application and data security challenges and solutions apr 25 2019 - ulf mattsson k

  • 9. Security Controls Must Be Programmable and Automated Wherever Possible (Source: Gartner)
  • 10. Security Tools for DevOps: Static Application Security Testing (SAST); Dynamic Application Security Testing (DAST); fuzz testing is essentially throwing lots of random garbage; Vulnerability Analysis; Runtime Application Self-Protection (RASP); Interactive Application Self-Testing (IAST)
  • 16. Automating Patching of Vulnerable Open-Source Software Versions in Application Binaries (Source: Peking University, 2019)
  • 18. The API Product Manager Sits Between API Consumers and API Producers (Source: Gartner)
  • 19. Security for Microservices (Source: Gartner). Coding security directly into APIs has the following disadvantages: ■ Violates separation of duties. ■ Makes code more complex and fragile. ■ Adds extra maintenance burden. ■ Is unlikely to cover all aspects that are required in a full API security policy. ■ Not reusable. ■ Not visible to security teams.
  • 20. API Security Building Blocks (Source: Gartner)
  • 21. Products Delivering API Security (Source: Gartner). Apply policies to APIs (for example, using an API gateway), but avoid situations where each API has a unique security policy. Instead, leverage a reusable set of policies that are applied to APIs based on their categorization. Abstract any specific API characteristics (such as URL path) from the policies themselves.
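The gateway design slide 21 recommends, written out as an added example that is not part of the deck or of any product it mentions: policy sets are keyed by API category, each API is registered with a category, and the URL path lives only on the registration, never inside a policy. The category names, policy attributes, API paths and requests below are all constructed for illustration.

```python
from dataclasses import dataclass, field

# Reusable policy sets keyed by API category (constructed example values).
# No policy mentions a URL path: the path is an attribute of the registered
# API, so a new partner API needs a registration, not a new policy.
POLICY_SETS = {
    "public":   {"auth": "none",   "tls_required": True, "rate_limit_per_min": 60,   "scopes": set()},
    "partner":  {"auth": "oauth2", "tls_required": True, "rate_limit_per_min": 600,  "scopes": {"partner:read"}},
    "internal": {"auth": "mtls",   "tls_required": True, "rate_limit_per_min": 6000, "scopes": set()},
}


@dataclass
class Api:
    name: str
    path_prefix: str
    category: str


@dataclass
class Request:
    path: str
    tls: bool
    auth_method: str                      # "none", "oauth2" or "mtls"
    scopes: set = field(default_factory=set)
    calls_this_minute: int = 0            # supplied by the gateway's rate counter


class Gateway:
    """Resolves a request to a registered API, then enforces the policy set
    of that API's category. Unknown paths are denied by default."""

    def __init__(self, apis, policy_sets=POLICY_SETS):
        # Longest prefix wins, so /v1/partner/orders beats /v1 if both exist.
        self._apis = sorted(apis, key=lambda a: -len(a.path_prefix))
        self._policies = policy_sets

    def resolve(self, path):
        for api in self._apis:
            if path.startswith(api.path_prefix):
                return api
        return None

    def evaluate(self, req):
        """Return (allowed, reasons). Every failed check is reported so the
        security team can see which reusable policy rule denied the call."""
        api = self.resolve(req.path)
        if api is None:
            return False, ["unknown API: default deny"]
        policy = self._policies[api.category]
        reasons = []
        if policy["tls_required"] and not req.tls:
            reasons.append("TLS required")
        if policy["auth"] != "none" and req.auth_method != policy["auth"]:
            reasons.append(f"auth {policy['auth']} required")
        missing = policy["scopes"] - req.scopes
        if missing:
            reasons.append(f"missing scopes: {sorted(missing)}")
        if req.calls_this_minute >= policy["rate_limit_per_min"]:
            reasons.append("rate limit exceeded")
        return (not reasons), reasons


# Constructed registry: three APIs, three categories, one policy set each.
APIS = [
    Api("catalog", "/v1/catalog", "public"),
    Api("orders", "/v1/partner/orders", "partner"),
    Api("admin", "/v1/internal/admin", "internal"),
]
GATEWAY = Gateway(APIS)

if __name__ == "__main__":
    for req in (
        Request("/v1/catalog/items", tls=True, auth_method="none"),
        Request("/v1/partner/orders/42", tls=True, auth_method="oauth2"),
        Request("/v1/internal/admin/users", tls=False, auth_method="mtls"),
    ):
        print(req.path, GATEWAY.evaluate(req))
```

Adding a fourth partner API is one `Api(...)` line; changing the partner rate limit is one edit to `POLICY_SETS` that every partner API picks up, which is the reuse the slide asks for.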
  • 22. AI-Driven Development (Source: Gartner, 2018). AI-driven development explores the evolution of tools, technologies and best practices for embedding AI capabilities into applications. It also explores the use of AI to create AI-powered tools used in the development process itself. This trend is evolving along three dimensions: ■ The tools used to build AI-powered solutions are expanding from tools targeting data scientists (AI infrastructure, AI frameworks and AI platforms) to tools targeting the professional developer community (AI platforms and AI services). ■ The tools used to build AI-powered solutions are themselves being empowered with AI-driven capabilities that assist professional developers and automate tasks related to the development of AI-enhanced solutions. ■ AI-enabled tools in particular are evolving from assisting and automating functions related to application development (AD) to being enhanced with business-domain expertise and automating activities higher on the AD process stack (from general development to business solution design).
  • 24. Positioning of some Encryption and Privacy Models (Source: INTERNATIONAL STANDARD ISO/IEC 20889, Privacy enhancing data de-identification terminology and classification of techniques). De-identification techniques (DT). Cryptographic tools (CT): Format Preserving Encryption (FPE), where data has the same format, including the length, as the original data; Homomorphic Encryption (HE), where two values encrypted with the same public key can be combined. Formal privacy measurement models (PMM): K-anonymity model, which ensures that for each identifier there is a corresponding equivalence class containing at least K records; Differential Privacy (DP) in the server model, where responses to queries are only able to be obtained through a software component or “middleware”, known as the “curator”, and in the local model, where the entity receiving the data is looking to reduce risk. [Diagram: Enc, Enc, Enc, App, Curator*, Dec] *: Example Apple
  • 25. Positioning of Encryption models (Source: INTERNATIONAL STANDARD ISO/IEC 20889, Privacy enhancing data de-identification terminology and classification of techniques; reference number ISO/IEC 20889:2018(E), first edition 2018-11). Categories shown: De-identification techniques (DT), Cryptographic tools (CT), Formal privacy measurement models (PMM), K-anonymity model, Differential Privacy (DP).
    Format Preserving Encryption (FPE): Format-preserving encryption is designed for data that is not necessarily binary. In particular, given any finite set of symbols, like the decimal numerals, a method for format-preserving encryption transforms data that is formatted as a sequence of the symbols in such a way that the encrypted form of the data has the same format, including the length, as the original data.
    Homomorphic Encryption (HE): Homomorphic encryption is a form of randomized encryption. When employed as part of a de-identification technique, homomorphic encryption is able to be used to replace any identifying or sensitive attribute within a data record with an encrypted value. The property of homomorphic encryption that enables the usefulness of the de-identified data is that two values encrypted with the same public key can be combined with the homomorphic operator of the cryptographic scheme to produce a new ciphertext representing the result of the operation on the de-identified values.
    Server model: Mechanisms that follow the “server model” for differential privacy typically preserve data in unmodified form in a secure database. In order to preserve privacy, responses to queries are only able to be obtained through a software component or “middleware”, known as the “curator”. The curator takes queries from system users, or from reporting software, and obtains the correct, noise-free answer from the database.
    Local model: The local model is useful when the entity receiving the data is not necessarily trusted by the data principals, or if the entity receiving the data is looking to reduce risk and practice data minimization.
    L-diversity: L-diversity is an enhancement to K-anonymity for datasets with poor attribute variability. It is designed to protect against deterministic inference attempts by ensuring that each equivalence class has at least L well-represented values for each sensitive attribute. L-diversity is not a single model but a group of models (E.7). Each model has diversity defined slightly differently, e.g. by counting distinct values or by entropy.
    T-closeness: T-closeness is an enhancement to L-diversity for datasets with attributes that are unevenly distributed, belong to a small range of values, or are categorical. It is designed to protect against statistical inference attempts, as it ensures that the distance between the distribution of a sensitive attribute in any equivalence class and the distribution of the attribute in the overall dataset is less than a threshold T. This technique is useful when it is important for the resulting dataset to remain as close as possible to the original one.
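The three formal privacy measurement models on slides 24 and 25 (K-anonymity, L-diversity, T-closeness), checked over a constructed release as an added example that is not part of the deck or of ISO/IEC 20889. The dataset, the quasi-identifier columns and the thresholds are invented; L-diversity is computed as the distinct-values variant the standard mentions, and T-closeness uses total variation distance as the distance measure, which is an assumption of this example since the standard does not fix one metric.

```python
from collections import Counter, defaultdict

# Constructed sample release (not from the slides). "zip" and "age" are the
# generalized quasi-identifiers; "diagnosis" is the sensitive attribute.
RECORDS = [
    {"zip": "100**", "age": "20-29", "diagnosis": "flu"},
    {"zip": "100**", "age": "20-29", "diagnosis": "flu"},
    {"zip": "100**", "age": "20-29", "diagnosis": "asthma"},
    {"zip": "100**", "age": "30-39", "diagnosis": "cancer"},
    {"zip": "100**", "age": "30-39", "diagnosis": "cancer"},
    {"zip": "100**", "age": "30-39", "diagnosis": "cancer"},
    {"zip": "200**", "age": "40-49", "diagnosis": "flu"},
    {"zip": "200**", "age": "40-49", "diagnosis": "asthma"},
]
QI = ("zip", "age")
SENSITIVE = "diagnosis"


def equivalence_classes(records, qi=QI):
    """Group records that share the same quasi-identifier values."""
    classes = defaultdict(list)
    for r in records:
        classes[tuple(r[a] for a in qi)].append(r)
    return dict(classes)


def k_anonymity(records, qi=QI):
    """Largest K such that every equivalence class holds at least K records."""
    classes = equivalence_classes(records, qi)
    return min(len(rs) for rs in classes.values()) if classes else 0


def l_diversity(records, qi=QI, sensitive=SENSITIVE):
    """Distinct L-diversity: fewest distinct sensitive values in any class.
    A class with one value lets anyone who can place a person in that class
    infer the attribute deterministically, which is what L-diversity guards."""
    classes = equivalence_classes(records, qi)
    return min(len({r[sensitive] for r in rs}) for rs in classes.values()) if classes else 0


def t_closeness(records, qi=QI, sensitive=SENSITIVE):
    """Largest distance between a class's sensitive-value distribution and the
    whole dataset's. Assumption: total variation distance as the metric."""
    overall = Counter(r[sensitive] for r in records)
    n = len(records)
    worst = 0.0
    for rs in equivalence_classes(records, qi).values():
        local = Counter(r[sensitive] for r in rs)
        dist = 0.5 * sum(abs(local[v] / len(rs) - overall[v] / n) for v in overall)
        worst = max(worst, dist)
    return worst


def assess(records, k_min=2, l_min=2, t_max=0.5):
    """Which models the release satisfies for the given (constructed) thresholds."""
    return {
        "k_anonymity": k_anonymity(records) >= k_min,
        "l_diversity": l_diversity(records) >= l_min,
        "t_closeness": t_closeness(records) <= t_max,
    }


if __name__ == "__main__":
    print("K =", k_anonymity(RECORDS), "L =", l_diversity(RECORDS),
          "T =", round(t_closeness(RECORDS), 3), assess(RECORDS))
```

On this release K is 2, but the 30-39 class is homogeneous (every record says "cancer"), so L is 1 and the class's distribution sits 0.625 away from the overall one: the release is 2-anonymous yet fails both the L-diversity and T-closeness checks, which is exactly the gap slide 25 describes the two enhancements closing.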
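The server and local models of differential privacy that slides 24 and 25 contrast, as an added example that is not part of the deck or of ISO/IEC 20889. The curator is the server-model middleware: it holds the raw data, computes the exact answer, adds Laplace noise calibrated to the query's sensitivity before releasing it, and enforces an overall epsilon budget so that repeated queries cannot average the noise away. The local model is shown with randomized response, where each data principal perturbs their own bit before anything leaves their device. The bits, epsilons and seeds are constructed; the budget accounting is simple composition (epsilons add), which is an assumption of this example.

```python
import math
import random

# Constructed sample data (not from the slides): one bit per data principal,
# e.g. "has condition X". True count is 4.
TRUE_BITS = [1, 0, 0, 1, 1, 0, 0, 0, 1, 0]


class Curator:
    """Server model: the only path to the raw data. Answers counting queries
    through the Laplace mechanism and refuses once the epsilon budget is spent."""

    def __init__(self, data, total_epsilon, seed=None):
        self._data = list(data)
        self.remaining = float(total_epsilon)
        # A fixed seed makes the demo reproducible; production would use SystemRandom.
        self._rng = random.Random(seed) if seed is not None else random.SystemRandom()

    def _laplace(self, scale):
        """Laplace(0, scale) sample by inverse CDF."""
        u = self._rng.random() - 0.5
        while u == -0.5:                      # avoid log(0) at the interval edge
            u = self._rng.random() - 0.5
        return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))

    def count(self, predicate, epsilon):
        """Noisy count. A counting query has L1 sensitivity 1 (one person changes
        the answer by at most 1), so the noise scale is 1/epsilon."""
        if epsilon <= 0 or epsilon > self.remaining:
            raise PermissionError("privacy budget exhausted")
        self.remaining -= epsilon
        exact = sum(1 for x in self._data if predicate(x))
        return exact + self._laplace(1.0 / epsilon)


def randomize_bit(bit, epsilon, rng):
    """Local model (randomized response): keep the true bit with probability
    e^eps / (1 + e^eps), otherwise flip it. Runs on the data principal's side."""
    p_truth = math.exp(epsilon) / (1.0 + math.exp(epsilon))
    return bit if rng.random() < p_truth else 1 - bit


def local_estimate(reported_bits, epsilon):
    """Unbiased estimate of the true count from randomized reports, since
    E[report] = (1 - p) + bit * (2p - 1)."""
    p = math.exp(epsilon) / (1.0 + math.exp(epsilon))
    n = len(reported_bits)
    return (sum(reported_bits) - n * (1.0 - p)) / (2.0 * p - 1.0)


def local_model_round(bits, epsilon, seed=None):
    """Simulate every data principal randomizing locally, then the receiver
    estimating the count from the perturbed reports alone."""
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    reports = [randomize_bit(b, epsilon, rng) for b in bits]
    return reports, local_estimate(reports, epsilon)


if __name__ == "__main__":
    curator = Curator(TRUE_BITS, total_epsilon=1.0, seed=7)
    print("server model, noisy count:", round(curator.count(lambda x: x == 1, 0.5), 2),
          "budget left:", curator.remaining)
    reports, estimate = local_model_round(TRUE_BITS, epsilon=1.0, seed=1)
    print("local model, reports:", reports, "estimate:", round(estimate, 2))
```

The budget check is the part a reviewer should look for first: without it, an analyst who can repeat the same query simply averages the Laplace noise out, and the curator degrades into a plain query interface over identifiable data.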
  • 27. Secure multi-party computation (MPC) and Homomorphic encryption
  • 28. Secure Multi-Party Computation (MPC) (Source: https://eprint.iacr.org/2018/450.pd)
  • 29. Security Metrics from DevOps [chart: # Vulnerabilities over Time]
  • 30. Securing Big Data - Examples of Security Agents (SecDevOps). Import de-identified data; export identifiable data; export audit for reporting. Data protection at database, application, file, or in a staging area. Components shown: HDFS (Hadoop Distributed File System), Pig (Data Flow), Hive (SQL), Sqoop, ETL Tools, BI Reporting, RDBMS, MapReduce (Job Scheduling/Execution System), OS File System, Big Data. Data Security Agents, including encryption, tokenization or masking of fields or files (at transit and rest).
  • 31. Generating Key Security Metrics [chart: # Vulnerabilities over Time]
  • 33. Protect Sensitive Cloud Data (SecDevOps). Public Cloud Examples; actors shown: Internal Network, Administrator, Attacker, Remote User, Internal User, Cloud Gateway. Each sensitive field is protected; each authorized field is in clear. Data Security Agents, including encryption, tokenization or masking of fields or files (at transit and rest). The issue is INTENTIONAL use of UNSANCTIONED public cloud storage for ease of use for corporate data.
  • 34. Security Gateway Deployment – Hybrid Cloud. Components shown: Corporate Network, Client System, Enterprise Security Administrator, Security Officer, Public Cloud, Cloud Gateway, Private Cloud, Out-sourced.
  • 35. Security Gateway Deployment – Hybrid Cloud. Components shown: Corporate Network, Client System, Enterprise Security Administrator, Security Officer, Private Cloud, Public Cloud, Cloud Gateway, Out-sourced.
  • 36. Security Gateway – Searchable Encryption. Components shown: Corporate Network, Client System, Cloud Gateway, Enterprise Security Administrator, Security Officer, RDBMS; query re-write; order preserving encryption.
  • 37. GDPR Security Requirements – Encryption and Tokenization (Source: IBM): Discover Data Assets; Security by Design; Encryption and Tokenization.
  • 38. Example of Cross Border Data-centric Security: Data sources; Data Warehouse in Italy; complete policy-enforced de-identification of sensitive data across all bank entities. • Protecting Personally Identifiable Information (PII), including names, addresses, phone, email, policy and account numbers • Compliance with EU Cross Border Data Protection Laws • Utilizing Data Tokenization, and centralized policy, key management, auditing, and reporting
  • 40. Total Cost and Risk of Tokenization in Cloud vs On-prem. On-premise tokenization: • Limited PCI DSS scope reduction - must still maintain a CDE with PCI data • Higher risk – sensitive data still resident in environment • Associated personnel and hardware costs. Cloud-based tokenization: • Significant reduction in PCI DSS scope • Reduced risk – sensitive data removed from the environment • Platform-focused security • Lower associated costs – cyber insurance, PCI audit, maintenance
  • 42. Security Concerns with Quantum Encryption (Source: IBM and ZDNet). Quantum computers will be able to instantly break the encryption of sensitive data protected by today's strongest security, warns the head of IBM Research. This could happen in a little more than five years because of advances in quantum computer technologies.
  • 44. Microsoft Predicts Five-year Wait for Quantum Computing in Azure (Source: Gartner)
  • 47. Quantum Computing Breaking Algorithms (Source: ANSI X9)
  • 49. #1 Siloed (Centralized) Identity: YOU, ACCOUNT, ORG. STANDARDS: (Source: Sovrin.org)
  • 50. #2 Third-Party IDP (Federated) Identity: YOU, ACCOUNT, ORG, IDP. STANDARDS: (Source: Sovrin.org)
  • 51. #3 Self-Sovereign Identity (SSI): YOU, CONNECTION, PEER, DISTRIBUTED LEDGER (BLOCKCHAIN) (Source: Sovrin.org). The Sovrin Network is the first public-permissioned blockchain designed as a global public utility exclusively to support self-sovereign identity and verifiable claims. Recent advancements in blockchain technology now allow every public key to have its own address, which is called a decentralized identifier (DID).
  • 52. #3 Self-Sovereign Identity (SSI): PEER, DISTRIBUTED LEDGER (BLOCKCHAIN), DIGITAL WALLET, CONNECTION, GET CREDENTIAL, SHOW CREDENTIAL. Layers: 1 DIDs; 2 DKMS; 3 DID AUTH; 4 Verifiable Credentials (Source: Sovrin.org)
  • 53. The Trust Model behind Decentralized Identity
  • 55. Emerging De Jure Standards for SSI: Verifiable Credentials; DID Auth; DKMS (Decentralized Key Management System); DID (Decentralized Identifier) (Source: Sovrin.org)
  • 56. ANSI X9 Standard for Format Preserving Encryption (Source: Accredited Standards Committee ANSI X9, 2018). • Format-preserving encryption (FPE) is useful in situations where fixed-format data, such as primary account numbers and Social Security numbers, must be protected. • FPE will limit changes to existing communication protocols, database schemata or application code.
  • 60. Thank You! Ulf Mattsson, TokenEx, ullf@ulfmattsson.com, www.TokenEx.com. Webinar Title: New Enterprise Application and Data Security Challenges and Solutions. Webcast Live Date & Time: 10:00 am Apr 25 2019, United States - Los Angeles