SlideShare uma empresa Scribd logo

New york oracle users group 2013 spring general meeting ulf mattsson

Ulf Mattsson
Ulf Mattsson

My presentation at the New York Oracle Users Group 2013 Spring General Meeting "Bridging the Gap Between Privacy and Data Insight"

Tecnologia
1 de 46
Bridging the Gap Between Privacy and Data Insight Ulf Mattsson CTO, Protegrity ulf . mattsson [at] protegrity . com
2 Security Analysis Customer Support Customer Profiles Sales & Marketing Social Media Business Improvement Big Data Regulations & Breaches Increased profits Increased profits Increased profits Increased profits Increased profits Balancing security and data insight
Balancing security and data insight Tug of war between security and data insight Big Data is designed for access, not security Privacy regulations require de-identification which creates problems with privileged users in an access control security model Only way to truly protect data is to provide data- level protection Traditional means of security don’t offer granular protection that allows for seamless data use 3
4 1. Classify 2. Discovery 3. Protect 4. Enforce 5. Monitor Five Point Data Protection Methodology
5 1 Classify Determine what data is sensitive to your organization.
1. Classify 6 Data is classified as sensitive and must be protected in response to Laws and regulations such as PCI DSS, HIPAA, State Privacy Laws and others. Companies may also have Intellectual Property and other Company Secrets that must be secured against the competition. All companies have sensitive data about their Customers and about their Employees.
1. Classify: Examples of Sensitive Data 7 Sensitive Information Compliance Regulation / Laws Credit Card Numbers PCI DSS Names HIPAA, State Privacy Laws Address HIPAA, State Privacy Laws Dates HIPAA, State Privacy Laws Phone Numbers HIPAA, State Privacy Laws Personal ID Numbers HIPAA, State Privacy Laws Personally owned property numbers HIPAA, State Privacy Laws Personal Characteristics HIPAA, State Privacy Laws Asset Information HIPAA, State Privacy Laws Breach notification laws are often the catalyst for a deep audit in companies resulting in large fines.
HIPAA PHI: List of 18 Identifiers 1. Names 2. All geographical subdivisions smaller than a State 3. All elements of dates (except year) related to individual 4. Phone numbers 5. Fax numbers 6. Electronic mail addresses 7. Social Security numbers 8. Medical record numbers 9. Health plan beneficiary numbers 10. Account numbers 8 11. Certificate/license numbers 12. Vehicle identifiers and serial numbers 13. Device identifiers and serial numbers 14. Web Universal Resource Locators (URLs) 15. Internet Protocol (IP) address numbers 16. Biometric identifiers, including finger prints 17. Full face photographic images 18. Any other unique identifying number
PCI DSS (Payment Card Industry Data Security Standard) Build and maintain a secure network. 1. Install and maintain a firewall configuration to protect data 2. Do not use vendor-supplied defaults for system passwords and other security parameters Protect cardholder data. 3. Protect stored data 4. Encrypt transmission of cardholder data and sensitive information across public networks Maintain a vulnerability management program. 5. Use and regularly update anti-virus software 6. Develop and maintain secure systems and applications Implement strong access control measures. 7. Restrict access to data by business need-to-know 8. Assign a unique ID to each person with computer access 9. Restrict physical access to cardholder data Regularly monitor and test networks. 10. Track and monitor all access to network resources and cardholder data 11. Regularly test security systems and processes Maintain an information security policy. 12. Maintain a policy that addresses information security 9
10 2 Discovery Discover where the sensitive data is located, how it flows, who can access it, the performance requirements and other requirements for protection.
The Discovery process peers into the enterprise to find sensitive data in preparation for delivering an optimal protection solution. • Existing Sensitive Data • New Sensitive Data • Archived Data 2. Discovery 11
2. Discovery in a large enterprise with many systems 012 System System Corporate Firewall System System System System System 012 System System System System System System Focus on systems that contain sensitive data
2. Discovery: Determine the context to the Business 013 System System Corporate Firewall System System 013 System System System Retail Employees Corporate IP Healthcare
2. Discover: Context to the Business and to Security 014 Stores & Ecommerce Corporate Firewall Applications Processing Retail Transactions Research Databases Customer Data Protection Solution Requirements File Server containing IP File Server landing zone for store and e- commerce transactions Sensitive data in columns in databases Sensitive data in Hadoop Stores and e-commerce collecting transactions
15 3 Protect Protect the sensitive data at rest and in transit.
Big Data and The Insider Threat 16
Privacy Laws (See Appendix) 54 International Privacy Laws 30 United States Privacy Laws 17
Financial Services - Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley Act (SARBOX), USA PATRIOT ACT, PCI Data Security Standard, and the Basel II Accord (EU) Healthcare and Pharmaceuticals - HIPAA (Health Insurance Portability and Accountability Act of 1996) and FDA 21 CFR Part 11 Infrastructure and Energy - Guidelines for FERC and NERC Cybersecurity Standards, the Chemical Sector Cyber Security Program and Customs-Trade Partnership Against Terrorism (C-TPAT) Federal Government - Compliance with FISMA and related NSA Guidelines and NIST Standards Select US Regulations for Security and Privacy 18
Oracle’s Big Data Platform 019 Source: http://www.oracle.com/us/technologies/big-data/index.html
Software on Oracle Big Data Appliance 20 Source: http://www.oracle.com/us/products/database/big-data-for-enterprise-519135.pdf
Software Layout - Oracle Big Data Appliance 21 Source: 04_Oracle_Big_Data_Appliance_Deep_Dive.pdf
Hadoop - Protection Beyond Kerberos Data Access Framework Pig Hive Sqoop Avro Data Storage Framework (HDFS) Data Processing Framework (MapReduce) BI Applications 22 Volume Encryption with Policy based access control of Files and Monitoring. Field level data protection with Policy based access control and Monitoring; existing and new data. API enabled Field level data protection with Policy based access control and Monitoring. API enabled Field level data protection with Policy based access control and Monitoring.
Many Ways to Hack Big Data Source: http://nosql.mypopescu.com/post/1473423255/apache-hadoop-and-hbase 23 HDFS (Hadoop Distributed File System) MapReduce (Job Scheduling/Execution System) Hbase (Column DB) Pig (Data Flow) Hive (SQL) Sqoop ETL Tools BI Reporting RDBMS Avro(Serialization) Zookeeper(Coordination) Hackers Privileged Users Unvetted Applications Or Ad Hoc Processes
Table scans Encryption • Data Size • Data type • Performance (SLA) Analytics Inter-node data movement What’s the Problem with Securing Data? 24
Reduction of Pain with New Protection Techniques 25 1970 2000 2005 2010 High Low Pain & TCO Strong Encryption AES, 3DES Format Preserving Encryption DTP, FPE Vault-based Tokenization Vaultless Tokenization Input Value: 3872 3789 1620 3675 !@#$%a^.,mhu7///&*B()_+!@ 8278 2789 2990 2789 8278 2789 2990 2789 Format Preserving Greatly reduced Key Management No Vault 8278 2789 2990 2789
Protection Granularity: Field Protection 26 Production Systems Non-Production Systems Encryption • Reversible • Policy Control (authorized / Unauthorized Access) • Lacks Integration Transparency • Complex Key Management • Example Masking • Not reversible • No Policy, Everyone can access the data • Integrates Transparently • No Complex Key Management • Example 0389 3778 3652 0038 Vaultless Tokenization / Pseudonymization • Reversible • Policy Control (Authorized / Unauthorized Access) • Not Reversible • Integrates Transparently • No Complex Key Management • Business Intelligence Credit Card: 0389 3778 3652 0038 !@#$%a^.,mhu7///&*B()_+!@
Research Brief “Tokenization Gets Traction” Aberdeen has seen a steady increase in enterprise use of tokenization for protecting sensitive data over encryption Nearly half of the respondents (47%) are currently using tokenization for something other than cardholder data Over the last 12 months, tokenization users had 50% fewer security-related incidents than tokenization non- users 28 Author: Derek Brink, VP and Research Fellow, IT Security and IT GRC
Enterprise Flexibility in Token Format Controls Type of Data Input Token Comment Credit Card 3872 3789 1620 3675 8278 2789 2990 2789 Numeric Credit Card 3872 3789 1620 3675 3872 3789 2990 3675 Numeric, First 6, Last 4 digits exposed Credit Card 3872 3789 1620 3675 3872 qN4e 5yPx 3675 Alpha-Numeric, Digits exposed Account Num 29M2009ID 497HF390D Alpha-Numeric Date 10/30/1955 12/25/2034 Date - multiple date formats E-mail Address yuri.gagarin@protegrity.com empo.snaugs@svtiensnni.snk Alpha Numeric, delimiters in input preserved SSN 075672278 or 075-67-2278 287382567 or 287-38-2567 Numeric, delimiters in input Binary 0x010203 0x123296910112 Decimal 123.45 9842.56 Non length preserving Alphanumeric Indicator 5105 1051 0510 5100 8278 2789 299A 2781 Position to place alpha is configurable Invalid Luhn 5105 1051 0510 5100 8278 2789 2990 2782 Luhn check will fail Multi-Merchant or Multi-Client ID 3872 3789 1620 3675 ID 1: 8278 2789 2990 2789 ID 2: 9302 8999 2662 6345 This supports delivery of a different token to different merchant or clients based on the same credit card number. 29
Protection Beyond Kerberos Data Access Framework Pig Hive Sqoop Avro Data Storage Framework (HDFS) Data Processing Framework (MapReduce) BI Applications 30 Volume Encryption with Policy based access control of Files and Monitoring. Field level data protection with Policy based access control and Monitoring; existing and new data. API enabled Field level data protection with Policy based access control and Monitoring. API enabled Field level data protection with Policy based access control and Monitoring.
Volume Encryption 31 HDFS MapReduce Protected with Volume Encryption Entire file is in the clear when analyzed
Volume Encryption + Gateway Field Protection 32 HDFS MapReduce Kerberos Access Control Granular Field Level Protection Protected with Volume Encryption Data Protection File Gateway
Volume Encryption + Internal MapReduce Field Protection 33 HDFS MapReduce Kerberos Access Control Granular Field Level Protection Protected with Volume Encryption Hadoop Staging MapReduce
34 4 Enforce Policies are used to enforce rules about how sensitive data should be treated in the enterprise.
4. Enforce 35 The goal of policy enforcement is to; 1. Hide sensitive data from un-authorized users but disclose sensitive data to authorized users. 2. Deliver the minimum information to an individual or a process who needs the information to accomplish a task. Least Privilege by NIST. 3. Collect information about who is attempting to access sensitive data – both authorized and unauthorized.
A Data Security Policy 36 What is the sensitive data that needs to be protected. Data Element. How you want to protect and present sensitive data. There are several methods for protecting sensitive data. Encryption, tokenization, monitoring, etc. Who should have access to sensitive data and who should not. Security access control. Roles & Members. When should sensitive data access be granted to those who have access. Day of week, time of day. Where is the sensitive data stored? This will be where the policy is enforced. At the protector. Audit authorized or un-authorized access to sensitive data. Optional audit of protect/unprotect. What Who When Where How Audit
4. Enforce Enterprise Data Warehouse Big Data Clusters 37 Privileged Users Corporate Firewall Access Control External User & ProcessesBusiness Application Users Bad Guys Data Protection Policy
Volume Encryption + Field Protection + Policy Enforcement 38 HDFS Protected with Volume Encryption MapReduce Data Protection Policy
4. Authorized User Example 39 Presentation to requestor Name: Joe Smith Address: 100 Main Street, Pleasantville, CA Protection at rest Name: csu wusoj Address: 476 srta coetse, cysieondusbak, CA Data Scientist, Business Analyst Policy Enforcement Does the requestor have the authority to access the protected data? AuthorizedRequest Response
4. Un-Authorized User Example 40 Request Response Presentation to requestor Name: csu wusoj Address: 476 srta coetse, cysieondusbak, CA Protection at rest Name: csu wusoj Address: 476 srta coetse, cysieondusbak, CA Privileged Used, DBA, Syste m Administrators Policy Enforcement Does the requestor have the authority to access the protected data? Not Authorized
41 5 Monitor A critically important part of a security solution is the ongoing monitoring of any activity on sensitive data.
5. Monitor 42 Policy enforcement collects information in the form of audit logs about any activity on sensitive data. Monitoring enables security personnel to gain insights on what’s going on with your sensitive data. It enables the understanding of what’s normal and what’s not normal activity on sensitive data.
De-Identified Sensitive Data Field Real Data Tokenized / Pseudonymized Name Joe Smith csu wusoj Address 100 Main Street, Pleasantville, CA 476 srta coetse, cysieondusbak, CA Date of Birth 12/25/1966 01/02/1966 Telephone 760-278-3389 760-389-2289 E-Mail Address joe.smith@surferdude.org eoe.nwuer@beusorpdqo.org SSN 076-39-2778 076-28-3390 CC Number 3678 2289 3907 3378 3846 2290 3371 3378 Business URL www.surferdude.com www.sheyinctao.com Fingerprint Encrypted Photo Encrypted X-Ray Encrypted Healthcare Data – Primary Care Data Dr. visits, prescriptions, hospital stays and discharges, clinical, billing, etc. Protection methods can be equally applied to the actual healthcare data, but not needed with de-identification 43
Best Practices for Protecting Big Data Start Early – Don’ wait until you have terabytes of sensitive data in Hadoop before starting your Big Data protection program. Granular protection in addition to access control and volume protection. Future proof your protection. Select the optimal protection for today and for the future. Enterprise coverage to ensure nothing is left vulnerable. Protection against insider threat is more important today than ever before. Can only achieve this through granular data protection techniques. You can protect highly sensitive data while in a way that is mostly transparent to the analysis process. Policy based protection provides a shield to your sensitive data while recording all events on that data. 44
Proven enterprise data security software and innovation leader • Sole focus on the protection of data Growth driven by risk management and compliance • PCI (Payment Card Industry) • PII (Personally Identifiable Information) • PHI (Protected Health Information) – HIPAA • State and Foreign Privacy Laws, Breach Notification Laws Successful across many key industries Introduction to Protegrity 45
How Protegrity Can Help 46 1 2 3 4 5 We can help you Classify the sensitive data that needs to be secured in your enterprise. We can help you Discover where the sensitive data sits in your environment and design the optimal security solution. We can help you Protect your sensitive data with a flexible set of protectors and protection methods. We can help you Enforce policies that will enable business functions while preventing sensitive data from getting in the wrong hands. We can help you Monitor activity on sensitive data to gain insights on abnormal behaviors.
Please contact me for more information Ulf . Mattsson [at] protegrity . Com Info@protegrity.com www.protegrity.com

Recomendados

Key note in nyc the next breach target and how oracle can help - nyoug
Key note in nyc the next breach target and how oracle can help - nyougKey note in nyc the next breach target and how oracle can help - nyoug
Key note in nyc the next breach target and how oracle can help - nyoug
Ulf Mattsson
 
Isaca new delhi india privacy and big data
Isaca new delhi india privacy and big dataIsaca new delhi india privacy and big data
Isaca new delhi india privacy and big data
Ulf Mattsson
 
Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...
Ulf Mattsson
 
Securing data today and in the future - Oracle NYC
Securing data today and in the future - Oracle NYCSecuring data today and in the future - Oracle NYC
Securing data today and in the future - Oracle NYC
Ulf Mattsson
 
Where Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the CloudWhere Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the Cloud
Ulf Mattsson
 
Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...
Ulf Mattsson
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloud
Ulf Mattsson
 
Privacy preserving computing and secure multi party computation
Privacy preserving computing and secure multi party computationPrivacy preserving computing and secure multi party computation
Privacy preserving computing and secure multi party computation
Ulf Mattsson
 

Recomendados

Key note in nyc the next breach target and how oracle can help - nyoug
Key note in nyc the next breach target and how oracle can help - nyougKey note in nyc the next breach target and how oracle can help - nyoug
Key note in nyc the next breach target and how oracle can help - nyoug
Ulf Mattsson
 
Isaca new delhi india privacy and big data
Isaca new delhi india privacy and big dataIsaca new delhi india privacy and big data
Isaca new delhi india privacy and big data
Ulf Mattsson
 
Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...
Ulf Mattsson
 
Securing data today and in the future - Oracle NYC
Securing data today and in the future - Oracle NYCSecuring data today and in the future - Oracle NYC
Securing data today and in the future - Oracle NYC
Ulf Mattsson
 
Where Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the CloudWhere Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the Cloud
Ulf Mattsson
 
Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...
Ulf Mattsson
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloud
Ulf Mattsson
 
Privacy preserving computing and secure multi party computation
Privacy preserving computing and secure multi party computationPrivacy preserving computing and secure multi party computation
Privacy preserving computing and secure multi party computation
Ulf Mattsson
 
Where data security and value of data meet in the cloud brighttalk webinar ...
Where data security and value of data meet in the cloud brighttalk webinar ...Where data security and value of data meet in the cloud brighttalk webinar ...
Where data security and value of data meet in the cloud brighttalk webinar ...
Ulf Mattsson
 
Evolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyEvolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technology
Ulf Mattsson
 
Atlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Atlanta ISSA 2010 Enterprise Data Protection Ulf MattssonAtlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Atlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Ulf Mattsson
 
New technologies for data protection
New technologies for data protectionNew technologies for data protection
New technologies for data protection
Ulf Mattsson
 
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10
Ulf Mattsson
 
The past, present, and future of big data security
The past, present, and future of big data securityThe past, present, and future of big data security
The past, present, and future of big data security
Ulf Mattsson
 
Emerging application and data protection for multi cloud
Emerging application and data protection for multi cloudEmerging application and data protection for multi cloud
Emerging application and data protection for multi cloud
Ulf Mattsson
 
Data protection on premises, and in public and private clouds
Data protection on premises, and in public and private cloudsData protection on premises, and in public and private clouds
Data protection on premises, and in public and private clouds
Ulf Mattsson
 
ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
ISACA NA CACS 2012 Orlando session 414 Ulf MattssonISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
Ulf Mattsson
 
A practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaA practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpa
Ulf Mattsson
 
New regulations and the evolving cybersecurity technology landscape
New regulations and the evolving cybersecurity technology landscapeNew regulations and the evolving cybersecurity technology landscape
New regulations and the evolving cybersecurity technology landscape
Ulf Mattsson
 
Protecting Your Data in the Cloud - CSO - Conference 2011
Protecting Your Data in the Cloud - CSO - Conference 2011 Protecting Your Data in the Cloud - CSO - Conference 2011
Protecting Your Data in the Cloud - CSO - Conference 2011
Ulf Mattsson
 
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaPrivacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Ulf Mattsson
 
Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0
Ulf Mattsson
 
Isaca atlanta - practical data security and privacy
Isaca atlanta - practical data security and privacyIsaca atlanta - practical data security and privacy
Isaca atlanta - practical data security and privacy
Ulf Mattsson
 
ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...
Ulf Mattsson
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020
Ulf Mattsson
 
Future data security ‘will come from several sources’
Future data security ‘will come from several sources’Future data security ‘will come from several sources’
Future data security ‘will come from several sources’
John Davis
 
ISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniques
Ulf Mattsson
 
Protecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningProtecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine Learning
Ulf Mattsson
 
BigData and Privacy webinar at Brighttalk
BigData and Privacy webinar at BrighttalkBigData and Privacy webinar at Brighttalk
BigData and Privacy webinar at Brighttalk
Ulf Mattsson
 
Isaca new delhi india - privacy and big data
Isaca new delhi india - privacy and big dataIsaca new delhi india - privacy and big data
Isaca new delhi india - privacy and big data
Ulf Mattsson
 

Mais conteúdo relacionado

Mais procurados

Evolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyEvolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technology
Ulf Mattsson
 
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10
Ulf Mattsson
 
Emerging application and data protection for multi cloud
Emerging application and data protection for multi cloudEmerging application and data protection for multi cloud
Emerging application and data protection for multi cloud
Ulf Mattsson
 
Data protection on premises, and in public and private clouds
Data protection on premises, and in public and private cloudsData protection on premises, and in public and private clouds
Data protection on premises, and in public and private clouds
Ulf Mattsson
 
ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
ISACA NA CACS 2012 Orlando session 414 Ulf MattssonISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
Ulf Mattsson
 
A practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaA practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpa
Ulf Mattsson
 
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaPrivacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Ulf Mattsson
 
Protecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningProtecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine Learning
Ulf Mattsson
 

Mais procurados (20)

Where data security and value of data meet in the cloud brighttalk webinar ...
Where data security and value of data meet in the cloud brighttalk webinar ...Where data security and value of data meet in the cloud brighttalk webinar ...
Where data security and value of data meet in the cloud brighttalk webinar ...
 
Evolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyEvolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technology
 
Atlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Atlanta ISSA 2010 Enterprise Data Protection Ulf MattssonAtlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Atlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
 
New technologies for data protection
New technologies for data protectionNew technologies for data protection
New technologies for data protection
 
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10
 
The past, present, and future of big data security
The past, present, and future of big data securityThe past, present, and future of big data security
The past, present, and future of big data security
 
Emerging application and data protection for multi cloud
Emerging application and data protection for multi cloudEmerging application and data protection for multi cloud
Emerging application and data protection for multi cloud
 
Data protection on premises, and in public and private clouds
Data protection on premises, and in public and private cloudsData protection on premises, and in public and private clouds
Data protection on premises, and in public and private clouds
 
ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
ISACA NA CACS 2012 Orlando session 414 Ulf MattssonISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
 
A practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaA practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpa
 
New regulations and the evolving cybersecurity technology landscape
New regulations and the evolving cybersecurity technology landscapeNew regulations and the evolving cybersecurity technology landscape
New regulations and the evolving cybersecurity technology landscape
 
Protecting Your Data in the Cloud - CSO - Conference 2011
Protecting Your Data in the Cloud - CSO - Conference 2011 Protecting Your Data in the Cloud - CSO - Conference 2011
Protecting Your Data in the Cloud - CSO - Conference 2011
 
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaPrivacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA Atlanta
 
Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0
 
Isaca atlanta - practical data security and privacy
Isaca atlanta - practical data security and privacyIsaca atlanta - practical data security and privacy
Isaca atlanta - practical data security and privacy
 
ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020
 
Future data security ‘will come from several sources’
Future data security ‘will come from several sources’Future data security ‘will come from several sources’
Future data security ‘will come from several sources’
 
ISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniques
 
Protecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningProtecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine Learning
 

Semelhante a New york oracle users group 2013 spring general meeting ulf mattsson

Tizor_Data-Best-Practices.ppt
Tizor_Data-Best-Practices.pptTizor_Data-Best-Practices.ppt
Tizor_Data-Best-Practices.ppt
webhostingguy
 
Tizor_Data-Best-Practices.ppt
Tizor_Data-Best-Practices.pptTizor_Data-Best-Practices.ppt
Tizor_Data-Best-Practices.ppt
webhostingguy
 
How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...
Ulf Mattsson
 
Enterprise Data Protection - Understanding Your Options and Strategies
Enterprise Data Protection - Understanding Your Options and StrategiesEnterprise Data Protection - Understanding Your Options and Strategies
Enterprise Data Protection - Understanding Your Options and Strategies
Ulf Mattsson
 
LogSentinel Next-Gen SIEM
LogSentinel Next-Gen SIEMLogSentinel Next-Gen SIEM
LogSentinel Next-Gen SIEM
Denitsa Dimova
 
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Precisely
 
Improve IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkImprove IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in Splunk
Precisely
 
Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...
Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...
Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...
DataWorks Summit
 

Semelhante a New york oracle users group 2013 spring general meeting ulf mattsson (20)

BigData and Privacy webinar at Brighttalk
BigData and Privacy webinar at BrighttalkBigData and Privacy webinar at Brighttalk
BigData and Privacy webinar at Brighttalk
 
Isaca new delhi india - privacy and big data
Isaca new delhi india - privacy and big dataIsaca new delhi india - privacy and big data
Isaca new delhi india - privacy and big data
 
Cross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataCross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive data
 
Tizor_Data-Best-Practices.ppt
Tizor_Data-Best-Practices.pptTizor_Data-Best-Practices.ppt
Tizor_Data-Best-Practices.ppt
 
Tizor_Data-Best-Practices.ppt
Tizor_Data-Best-Practices.pptTizor_Data-Best-Practices.ppt
Tizor_Data-Best-Practices.ppt
 
Life After Compliance march 2010 v2
Life After Compliance march 2010 v2Life After Compliance march 2010 v2
Life After Compliance march 2010 v2
 
Infragard atlanta ulf mattsson - cloud security - regulations and data prot...
Infragard atlanta ulf mattsson - cloud security - regulations and data prot...Infragard atlanta ulf mattsson - cloud security - regulations and data prot...
Infragard atlanta ulf mattsson - cloud security - regulations and data prot...
 
How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...
 
Enterprise Data Protection - Understanding Your Options and Strategies
Enterprise Data Protection - Understanding Your Options and StrategiesEnterprise Data Protection - Understanding Your Options and Strategies
Enterprise Data Protection - Understanding Your Options and Strategies
 
LogSentinel Next-Gen SIEM
LogSentinel Next-Gen SIEMLogSentinel Next-Gen SIEM
LogSentinel Next-Gen SIEM
 
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
 
Microsoft Office 365 Security and Compliance
Microsoft Office 365 Security and ComplianceMicrosoft Office 365 Security and Compliance
Microsoft Office 365 Security and Compliance
 
IBM Share Conference 2010, Boston, Ulf Mattsson
IBM Share Conference 2010, Boston, Ulf MattssonIBM Share Conference 2010, Boston, Ulf Mattsson
IBM Share Conference 2010, Boston, Ulf Mattsson
 
Improve IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkImprove IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in Splunk
 
Shield db data security
Shield db data securityShield db data security
Shield db data security
 
Shield db data security
Shield db data securityShield db data security
Shield db data security
 
Shield db data security
Shield db data securityShield db data security
Shield db data security
 
Data Works Berlin 2018 - Worldpay - PCI Compliance
Data Works Berlin 2018 - Worldpay - PCI ComplianceData Works Berlin 2018 - Worldpay - PCI Compliance
Data Works Berlin 2018 - Worldpay - PCI Compliance
 
Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...
Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...
Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...
 
Big Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPRBig Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPR
 

Mais de Ulf Mattsson

Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...
Ulf Mattsson
 
Book
BookBook
Book
Ulf Mattsson
 
Qubit conference-new-york-2021
Qubit conference-new-york-2021Qubit conference-new-york-2021
Qubit conference-new-york-2021
Ulf Mattsson
 
Secure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use casesSecure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use cases
Ulf Mattsson
 
Data encryption and tokenization for international unicode
Data encryption and tokenization for international unicodeData encryption and tokenization for international unicode
Data encryption and tokenization for international unicode
Ulf Mattsson
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learning
Ulf Mattsson
 
Protecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKProtecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UK
Ulf Mattsson
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulations
Ulf Mattsson
 
Protecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAProtecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACA
Ulf Mattsson
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
Ulf Mattsson
 

Mais de Ulf Mattsson (18)

Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...
 
Book
BookBook
Book
 
May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...
 
Qubit conference-new-york-2021
Qubit conference-new-york-2021Qubit conference-new-york-2021
Qubit conference-new-york-2021
 
Secure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use casesSecure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use cases
 
Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...
 
Data encryption and tokenization for international unicode
Data encryption and tokenization for international unicodeData encryption and tokenization for international unicode
Data encryption and tokenization for international unicode
 
The future of data security and blockchain
The future of data security and blockchainThe future of data security and blockchain
The future of data security and blockchain
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulations
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learning
 
Protecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKProtecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UK
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulations
 
What is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonWhat is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS London
 
Protecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAProtecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACA
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
 
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2bNov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
 

Último

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 

Último (20)

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 

New york oracle users group 2013 spring general meeting ulf mattsson

  • 1. Bridging the Gap Between Privacy and Data Insight Ulf Mattsson CTO, Protegrity ulf . mattsson [at] protegrity . com
  • 2. 2 Security Analysis Customer Support Customer Profiles Sales & Marketing Social Media Business Improvement Big Data Regulations & Breaches Increased profits Increased profits Increased profits Increased profits Increased profits Balancing security and data insight
  • 3. Balancing security and data insight Tug of war between security and data insight Big Data is designed for access, not security Privacy regulations require de-identification which creates problems with privileged users in an access control security model Only way to truly protect data is to provide data- level protection Traditional means of security don’t offer granular protection that allows for seamless data use 3
  • 4. 4 1. Classify 2. Discovery 3. Protect 4. Enforce 5. Monitor Five Point Data Protection Methodology
  • 5. 5 1 Classify Determine what data is sensitive to your organization.
  • 6. 1. Classify 6 Data is classified as sensitive and must be protected in response to Laws and regulations such as PCI DSS, HIPAA, State Privacy Laws and others. Companies may also have Intellectual Property and other Company Secrets that must be secured against the competition. All companies have sensitive data about their Customers and about their Employees.
  • 7. 1. Classify: Examples of Sensitive Data 7 Sensitive Information Compliance Regulation / Laws Credit Card Numbers PCI DSS Names HIPAA, State Privacy Laws Address HIPAA, State Privacy Laws Dates HIPAA, State Privacy Laws Phone Numbers HIPAA, State Privacy Laws Personal ID Numbers HIPAA, State Privacy Laws Personally owned property numbers HIPAA, State Privacy Laws Personal Characteristics HIPAA, State Privacy Laws Asset Information HIPAA, State Privacy Laws Breach notification laws are often the catalyst for a deep audit in companies resulting in large fines.
  • 8. HIPAA PHI: List of 18 Identifiers 1. Names 2. All geographical subdivisions smaller than a State 3. All elements of dates (except year) related to individual 4. Phone numbers 5. Fax numbers 6. Electronic mail addresses 7. Social Security numbers 8. Medical record numbers 9. Health plan beneficiary numbers 10. Account numbers 8 11. Certificate/license numbers 12. Vehicle identifiers and serial numbers 13. Device identifiers and serial numbers 14. Web Universal Resource Locators (URLs) 15. Internet Protocol (IP) address numbers 16. Biometric identifiers, including finger prints 17. Full face photographic images 18. Any other unique identifying number
  • 9. PCI DSS (Payment Card Industry Data Security Standard) Build and maintain a secure network. 1. Install and maintain a firewall configuration to protect data 2. Do not use vendor-supplied defaults for system passwords and other security parameters Protect cardholder data. 3. Protect stored data 4. Encrypt transmission of cardholder data and sensitive information across public networks Maintain a vulnerability management program. 5. Use and regularly update anti-virus software 6. Develop and maintain secure systems and applications Implement strong access control measures. 7. Restrict access to data by business need-to-know 8. Assign a unique ID to each person with computer access 9. Restrict physical access to cardholder data Regularly monitor and test networks. 10. Track and monitor all access to network resources and cardholder data 11. Regularly test security systems and processes Maintain an information security policy. 12. Maintain a policy that addresses information security 9
  • 10. 10 2 Discovery Discover where the sensitive data is located, how it flows, who can access it, the performance requirements and other requirements for protection.
  • 11. The Discovery process peers into the enterprise to find sensitive data in preparation for delivering an optimal protection solution. • Existing Sensitive Data • New Sensitive Data • Archived Data 2. Discovery 11
  • 12. 2. Discovery in a large enterprise with many systems 012 System System Corporate Firewall System System System System System 012 System System System System System System Focus on systems that contain sensitive data
  • 13. 2. Discovery: Determine the context to the Business 013 System System Corporate Firewall System System 013 System System System Retail Employees Corporate IP Healthcare
  • 14. 2. Discover: Context to the Business and to Security 014 Stores & Ecommerce Corporate Firewall Applications Processing Retail Transactions Research Databases Customer Data Protection Solution Requirements File Server containing IP File Server landing zone for store and e- commerce transactions Sensitive data in columns in databases Sensitive data in Hadoop Stores and e-commerce collecting transactions
  • 15. 15 3 Protect Protect the sensitive data at rest and in transit.
  • 16. Big Data and The Insider Threat 16
  • 17. Privacy Laws (See Appendix) 54 International Privacy Laws 30 United States Privacy Laws 17
  • 18. Financial Services - Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley Act (SARBOX), USA PATRIOT ACT, PCI Data Security Standard, and the Basel II Accord (EU) Healthcare and Pharmaceuticals - HIPAA (Health Insurance Portability and Accountability Act of 1996) and FDA 21 CFR Part 11 Infrastructure and Energy - Guidelines for FERC and NERC Cybersecurity Standards, the Chemical Sector Cyber Security Program and Customs-Trade Partnership Against Terrorism (C-TPAT) Federal Government - Compliance with FISMA and related NSA Guidelines and NIST Standards Select US Regulations for Security and Privacy 18
  • 19. Oracle’s Big Data Platform 019 Source: http://www.oracle.com/us/technologies/big-data/index.html
  • 20. Software on Oracle Big Data Appliance 20 Source: http://www.oracle.com/us/products/database/big-data-for-enterprise-519135.pdf
  • 21. Software Layout - Oracle Big Data Appliance 21 Source: 04_Oracle_Big_Data_Appliance_Deep_Dive.pdf
  • 22. Hadoop - Protection Beyond Kerberos Data Access Framework Pig Hive Sqoop Avro Data Storage Framework (HDFS) Data Processing Framework (MapReduce) BI Applications 22 Volume Encryption with Policy based access control of Files and Monitoring. Field level data protection with Policy based access control and Monitoring; existing and new data. API enabled Field level data protection with Policy based access control and Monitoring. API enabled Field level data protection with Policy based access control and Monitoring.
  • 23. Many Ways to Hack Big Data Source: http://nosql.mypopescu.com/post/1473423255/apache-hadoop-and-hbase 23 HDFS (Hadoop Distributed File System) MapReduce (Job Scheduling/Execution System) Hbase (Column DB) Pig (Data Flow) Hive (SQL) Sqoop ETL Tools BI Reporting RDBMS Avro(Serialization) Zookeeper(Coordination) Hackers Privileged Users Unvetted Applications Or Ad Hoc Processes
  • 24. Table scans Encryption • Data Size • Data type • Performance (SLA) Analytics Inter-node data movement What’s the Problem with Securing Data? 24
  • 25. Reduction of Pain with New Protection Techniques 25 1970 2000 2005 2010 High Low Pain & TCO Strong Encryption AES, 3DES Format Preserving Encryption DTP, FPE Vault-based Tokenization Vaultless Tokenization Input Value: 3872 3789 1620 3675 !@#$%a^.,mhu7///&*B()_+!@ 8278 2789 2990 2789 8278 2789 2990 2789 Format Preserving Greatly reduced Key Management No Vault 8278 2789 2990 2789
  • 26. Protection Granularity: Field Protection 26 Production Systems Non-Production Systems Encryption • Reversible • Policy Control (authorized / Unauthorized Access) • Lacks Integration Transparency • Complex Key Management • Example Masking • Not reversible • No Policy, Everyone can access the data • Integrates Transparently • No Complex Key Management • Example 0389 3778 3652 0038 Vaultless Tokenization / Pseudonymization • Reversible • Policy Control (Authorized / Unauthorized Access) • Not Reversible • Integrates Transparently • No Complex Key Management • Business Intelligence Credit Card: 0389 3778 3652 0038 !@#$%a^.,mhu7///&*B()_+!@
  • 27. Research Brief “Tokenization Gets Traction” Aberdeen has seen a steady increase in enterprise use of tokenization for protecting sensitive data over encryption Nearly half of the respondents (47%) are currently using tokenization for something other than cardholder data Over the last 12 months, tokenization users had 50% fewer security-related incidents than tokenization non- users 28 Author: Derek Brink, VP and Research Fellow, IT Security and IT GRC
  • 28. Enterprise Flexibility in Token Format Controls Type of Data Input Token Comment Credit Card 3872 3789 1620 3675 8278 2789 2990 2789 Numeric Credit Card 3872 3789 1620 3675 3872 3789 2990 3675 Numeric, First 6, Last 4 digits exposed Credit Card 3872 3789 1620 3675 3872 qN4e 5yPx 3675 Alpha-Numeric, Digits exposed Account Num 29M2009ID 497HF390D Alpha-Numeric Date 10/30/1955 12/25/2034 Date - multiple date formats E-mail Address yuri.gagarin@protegrity.com empo.snaugs@svtiensnni.snk Alpha Numeric, delimiters in input preserved SSN 075672278 or 075-67-2278 287382567 or 287-38-2567 Numeric, delimiters in input Binary 0x010203 0x123296910112 Decimal 123.45 9842.56 Non length preserving Alphanumeric Indicator 5105 1051 0510 5100 8278 2789 299A 2781 Position to place alpha is configurable Invalid Luhn 5105 1051 0510 5100 8278 2789 2990 2782 Luhn check will fail Multi-Merchant or Multi-Client ID 3872 3789 1620 3675 ID 1: 8278 2789 2990 2789 ID 2: 9302 8999 2662 6345 This supports delivery of a different token to different merchant or clients based on the same credit card number. 29
  • 29. Protection Beyond Kerberos Data Access Framework Pig Hive Sqoop Avro Data Storage Framework (HDFS) Data Processing Framework (MapReduce) BI Applications 30 Volume Encryption with Policy based access control of Files and Monitoring. Field level data protection with Policy based access control and Monitoring; existing and new data. API enabled Field level data protection with Policy based access control and Monitoring. API enabled Field level data protection with Policy based access control and Monitoring.
  • 30. Volume Encryption 31 HDFS MapReduce Protected with Volume Encryption Entire file is in the clear when analyzed
  • 31. Volume Encryption + Gateway Field Protection 32 HDFS MapReduce Kerberos Access Control Granular Field Level Protection Protected with Volume Encryption Data Protection File Gateway
  • 32. Volume Encryption + Internal MapReduce Field Protection 33 HDFS MapReduce Kerberos Access Control Granular Field Level Protection Protected with Volume Encryption Hadoop Staging MapReduce
  • 33. 34 4 Enforce Policies are used to enforce rules about how sensitive data should be treated in the enterprise.
  • 34. 4. Enforce 35 The goal of policy enforcement is to; 1. Hide sensitive data from un-authorized users but disclose sensitive data to authorized users. 2. Deliver the minimum information to an individual or a process who needs the information to accomplish a task. Least Privilege by NIST. 3. Collect information about who is attempting to access sensitive data – both authorized and unauthorized.
  • 35. A Data Security Policy 36 What is the sensitive data that needs to be protected. Data Element. How you want to protect and present sensitive data. There are several methods for protecting sensitive data. Encryption, tokenization, monitoring, etc. Who should have access to sensitive data and who should not. Security access control. Roles & Members. When should sensitive data access be granted to those who have access. Day of week, time of day. Where is the sensitive data stored? This will be where the policy is enforced. At the protector. Audit authorized or un-authorized access to sensitive data. Optional audit of protect/unprotect. What Who When Where How Audit
  • 36. 4. Enforce Enterprise Data Warehouse Big Data Clusters 37 Privileged Users Corporate Firewall Access Control External User & ProcessesBusiness Application Users Bad Guys Data Protection Policy
  • 37. Volume Encryption + Field Protection + Policy Enforcement 38 HDFS Protected with Volume Encryption MapReduce Data Protection Policy
  • 38. 4. Authorized User Example 39 Presentation to requestor Name: Joe Smith Address: 100 Main Street, Pleasantville, CA Protection at rest Name: csu wusoj Address: 476 srta coetse, cysieondusbak, CA Data Scientist, Business Analyst Policy Enforcement Does the requestor have the authority to access the protected data? AuthorizedRequest Response
  • 39. 4. Un-Authorized User Example 40 Request Response Presentation to requestor Name: csu wusoj Address: 476 srta coetse, cysieondusbak, CA Protection at rest Name: csu wusoj Address: 476 srta coetse, cysieondusbak, CA Privileged Used, DBA, Syste m Administrators Policy Enforcement Does the requestor have the authority to access the protected data? Not Authorized
  • 40. 41 5 Monitor A critically important part of a security solution is the ongoing monitoring of any activity on sensitive data.
  • 41. 5. Monitor 42 Policy enforcement collects information in the form of audit logs about any activity on sensitive data. Monitoring enables security personnel to gain insights on what’s going on with your sensitive data. It enables the understanding of what’s normal and what’s not normal activity on sensitive data.
  • 42. De-Identified Sensitive Data Field Real Data Tokenized / Pseudonymized Name Joe Smith csu wusoj Address 100 Main Street, Pleasantville, CA 476 srta coetse, cysieondusbak, CA Date of Birth 12/25/1966 01/02/1966 Telephone 760-278-3389 760-389-2289 E-Mail Address joe.smith@surferdude.org eoe.nwuer@beusorpdqo.org SSN 076-39-2778 076-28-3390 CC Number 3678 2289 3907 3378 3846 2290 3371 3378 Business URL www.surferdude.com www.sheyinctao.com Fingerprint Encrypted Photo Encrypted X-Ray Encrypted Healthcare Data – Primary Care Data Dr. visits, prescriptions, hospital stays and discharges, clinical, billing, etc. Protection methods can be equally applied to the actual healthcare data, but not needed with de-identification 43
  • 43. Best Practices for Protecting Big Data Start Early – Don’ wait until you have terabytes of sensitive data in Hadoop before starting your Big Data protection program. Granular protection in addition to access control and volume protection. Future proof your protection. Select the optimal protection for today and for the future. Enterprise coverage to ensure nothing is left vulnerable. Protection against insider threat is more important today than ever before. Can only achieve this through granular data protection techniques. You can protect highly sensitive data while in a way that is mostly transparent to the analysis process. Policy based protection provides a shield to your sensitive data while recording all events on that data. 44
  • 44. Proven enterprise data security software and innovation leader • Sole focus on the protection of data Growth driven by risk management and compliance • PCI (Payment Card Industry) • PII (Personally Identifiable Information) • PHI (Protected Health Information) – HIPAA • State and Foreign Privacy Laws, Breach Notification Laws Successful across many key industries Introduction to Protegrity 45
  • 45. How Protegrity Can Help 46 1 2 3 4 5 We can help you Classify the sensitive data that needs to be secured in your enterprise. We can help you Discover where the sensitive data sits in your environment and design the optimal security solution. We can help you Protect your sensitive data with a flexible set of protectors and protection methods. We can help you Enforce policies that will enable business functions while preventing sensitive data from getting in the wrong hands. We can help you Monitor activity on sensitive data to gain insights on abnormal behaviors.
  • 46. Please contact me for more information Ulf . Mattsson [at] protegrity . Com Info@protegrity.com www.protegrity.com

Notas do Editor

  1. Risk Adjusted Data Protection simply means that you should protect data based on the risk of the sensitive data.You can determine your risk by deciding what is the value of the data to the bad guys and what is its exposure. For valuable data with wide exposure, such as a credit card number or SSN, you can protect with strong encryption like AES or by tokenizing. For your data that might have little or no value, but is still widely exposed, you can protect with monitoring or Data Type Preserving Encryption.This chart shows several approaches to protect sensitive data along with a set of criteria that we have found useful when comparing the merits of each method.- Performance and security are self explanatory Storage refers to the impact that a method has on storage. For example, strong encryption will require adding padding to the crypto text so that the final data will be larger than the original. When a data store is billions of records this can have an impact on the cost of the solution. Transparency refers to the degree to which a protection method effects business processes, applications, databases and any architecture. A protection method that is not transparent will require remediation to systems that are being protected. This could translate to higher protection costs. Tokenization has been gaining popularity due to it’s high transparent characteristics that are seen to reduce protection costs.For example, a system that has no data protection will have optimal performance because you’re not protecting anything and there’s no increased storage. It will require no system remediation, but it will have no security. This is basically the status quo.By contrast, using tokenization, you are not going to have any performance impact, or any increased storage because we are creating a unique token of the same type and length as the original data. With regard to security, tokenization gives you optimum security, and we’ll get into this later. From a transparency perspective, while it is not as transparent as using no protection, among other things, you are not introducing changes to your database schema.The message here really is that, as you change your security profile, there are a number of other factors that you’ll need to take into account.
  2. Joel – what do you do with the nodes - elastic
  3. Joel – what do you do with the nodes - elastic
  4. Joel – what do you do with the nodes - elastic
  5. Everything we do depends on the policy. The security policy is the foundation for protecting data. It is usually managed by the Security Officer. Think of it as the glue that binds distributed data protection throughout the enterprise. You can have one policy or many policies , but every policy includes the following core components:What: First you need to identify what you need to protect, i.e. credit card data, social security number and user names and passwords . This is the data element. And you can think of a data element as simply a label, such as CCN. It simply says I’m protecting credit card data.Who: This is your access control. Once you know what you want to protect, the “Who” determines who has access to the data and who doesn’t. We do this through Roles and we associate Members with Roles. We can take members from a number of sources, such as LDAP or Active Directory, a database or a flat file.When: We have a time parameter in our policy that enables us to control the day and the time of day when sensitive data can and cannot be accessed. It is completely customizable by role.Where: Where does the data exist? This is an important property that sets up apart. We need to know this to be able to deploy policy to our agent that enforces policy on the protection point. You might have many, many protection points, so we need to know where the policy needs to be deployed. It also enables us to pinpoint where unauthorized attempts at accessing sensitive data are taking place. And, when we talk about key management, we are the only platform that tracks where keys have been deployed.How: This is what everyone focuses on – how data is protected. This is another differentiator for us. We are not just a strong encryption vendor. We expanded our capabilities and we have a whole host of methods for protecting sensitive data. We do something that we call Risk Adjusted Data Protection that allows you to scale up or scale down your data protection based on the sensitivity of the data you’re trying to protect. We will discuss this later.Audit: Lastly, we have an auditing function. In the policy, the security officer sets up audit requirements that are carried out by the policy enforcement process. You can audit authorized or unauthorized users in addition to controlling operations such as insert, update and delete in a database scenario. You can make the Policy is as customized as you want it to be.This is policy based data security.
  6. Joel – what do you do with the nodes - elastic