ActiveBase Ltd. All Rights reserved ActiveBase Security™ Quick Tour Learn how ActiveBase Security™ helps you implement preventive security policies to protect application users from accessing confidential information, with no modifications to application code or changes to the database. Learn how to mask, scramble, hide, block and audit to protect data from outsourced DBA teams, developers or external QA. Get quick compliance to PCI, HIPAA and other regulations.
ActiveBase Ltd. All Rights reserved
$200 - Cost to company per compromised record
$6 Million - Average cost per data breach “incident”
34% of customers lost - Customers ceasing business with a company after a single privacy breach
45% of customers lost - Customers ceasing business when personal information is breached twice*
Source: Ponemon Institute, Privacy Rights Clearinghouse
Costs incurred by data breaches are soaring
ActiveBase Ltd. All Rights reserved
USA: Gramm-Leach-Bliley Act (GLB), HIPAA, California Security Breach Notice Statute and in others states
PCI Data Security Standard (section 3.3 masking and 3.4 encryption)
European Union: Personal Data Protection Directive
Fines and penalties focus on criminal misconduct
The Challenge: how to protect hundreds of applications and databases from business users, production support teams, DBAs, developers, offshore and outsourced teams while allowing them to do their job?
How to protect Personal Identifiable Information(PII) and keep up with increasing regulatory demands?
CISO Ultimate Security Weapon for protecting privacy and sensitive information Authorized User Dynamic Data Masking applies rules based on user context Database Containing Sensitive Data Unauthorized User A Unauthorized User B
Gartner defined a new category - “Dynamic Data Masking”, awarding ActiveBase the prestigious Cool Vendor award
“ Dynamic Data Masking” protects personal information from end-users who do not require to access it to perform their jobs.
ActiveBase ensures that each user will see the data according to his or her identification, role and responsibility.
Value in Database 3890-6784-2945-0093 3245-9999-2456-7658 Original Values 3890-6784-2945-0093 3245-9999-2456-7658 Scrambled Values 1234-6789-1000-4422 2233-6789-3456-5555 Masked Values xxxx-xxxx-xxxx-0093 xxxx-xxxx-xxxx-7658
ActiveBase engulfs the true meaning of Enterprise Security Intelligence “ ActiveBase is a Pioneer in Dynamic Data Masking” Source: Gartner
Control access, audit, alert, mask/scramble or block when personal information is accessed by: 1. Business Users: Part time employees, offshore workforce and business partners - restricting their access to business applications, training and reporting environments 2. External Users: SQL Injection, CPU vulnerability 3. IT Users: Production support, outsourced teams, developers and DBAs. ActiveBase Privacy Protection solution
ActiveBase Privacy Protection solution Control access, audit, alert, mask/scramble or block when personal information is accessed in: 1. Production environments : CRM, ERP, HR Apps, Billing, Datawarehouses, Training, Clones and replications 2. Non-production: development, QA, UAT 3. Public & Hybrid Cloud
ActiveBase solution overview
A protective security layer around applications, packaged reports and tools
Fully integrated with ActiveDirectory, application responsibilities, database rolls and IAM
Applies Row, Column and cell level security
Installed and configured within less than a day
Detailed audit trail and real-time alerts
Secures production database configurations
Supports all applications, reporting and development tools running on all Oracle and SQL Server databases (all versions)
How does Dynamic Data Masking work? Business User application screen Database Role-based anonymization and real-time prevention while maintaining operational efficiency across environments Select name from table1 (2)Select substring(name,1,2)||’***’ from table1 Dynamic Data Masking Layer applies real-time SQL Rewrite rules Application screens and tools used by Production support, DBAs, Outsourced or unauthorized workforce (1) Select name from table1 Values presented: BL**** JO**** KI**** Private Information stored in the database BLAKE JONES KING Values presented: BLAKE JONES KING
Define once, apply on many- restrict access per "table” “column” or “cell” across applications and tools ActiveBase Ltd. All Rights reserved ActiveBase Ltd. All Rights reserved ActiveBase rules enable anonymizing personal information within business application screens, shortening implementation time to DAYS!
ActiveBase Ltd. All Rights reserved ActiveBase Ltd. All Rights reserved ActiveBase Security anonymizes Names, account numbers and other personal information dynamically when accessed by unauthorized users, outsourced and IT personnel with no changes to databases or application source-code
ActiveBase Ltd. All Rights reserved ActiveBase Ltd. All Rights reserved Masking PII in every language Customer name is masked from the production support team
ActiveBase Ltd. All Rights reserved Masking PII accessed by development and DBA tools in production and training environments Names, credit card numbers and salary data are masked using ActiveBase Security
Production control gained using ActiveBase unique Informed Block™ functionality
Block or notify users before truncating tables in Prod or DMLDDL execution
Block requests before they penalize production performance (e.g., full scans or high parallel), also enabling to redirect automatically to a replication
Clear message presented in all tools and applications (multi-language support)
When an unauthorized users’ access to various environments needs to be audited and secured (consultants, contractors) – DAM and Access Control
When Different group of users need to see confidential information in different forms (based on their access level and ActiveDirectory grouping)
When Production Data needs to be accessed from offshore or when Production Support needs to be done internally or offshore
When un-authorized updates (inserts/ updates/ deletes) or ad-hoc queries from end users need to be prevented
When Audit Trail for all the transactions performed on the database (Who, When, What, From where or which application) is needed
When required to anonymize personal information in non-production environments.
ActivBase Ltd. All Rights reserved ActiveBase Personal Information Protection examples, implemented WITHIN DAYS!
Two optional ActiveBase deployment strategies DATABASE ActiveBase Process Option 2: Dedicated ActiveBase Servers act as hubs for multiple apps Option 1: Install on Database Server DATABASE Adds an additional security level by acting as a Database firewall on the DMZ, enabling network segmentation between users and the databases DATABASE DATABASE DATABASE ActiveBase Business applications, reporting, development and DBA tools DATABASE DATABASE DATABASE ActiveBase Management Console Central ActiveBase Audit and Reporting database
Comparing ActiveBase Security Masking with physical Masking tools
More Secure – In other masking solutions, sensitive information leaves production into staging unmasked (takes time until masking is performed while the data is unprotected). ONLY ActiveBase automatically protects ALL environments with a click of a mouse.
Secure everywhere – Immediately applied on ALL environments, with automatic rule propagation across instances – development, staging, replications, clones and backups
Faster masking – Physical masking takes weeks to complete and then needs to be rolled out to all environments – which also takes weeks to complete. ActiveBase anonymization is completed within days!
Simpler - No need to change your existing Export and ETL processes
Comparing ActiveBase Security with Encryption solutions
In production environments:
Encryption causes all business users to suffer from performance penalties and complexity -> just to secure several DBA’s…!?!
Encryption DOES NOT solve cases when production support team members access the application in production to solve problems!!!
ActiveBase protects data from DBAs with no interferance to the application or business users
In non-production environments:
Not applicable, as application screens need to be anonymized, and encryption DOES NOT anonymize PII in application screens
ActiveBase delivers a new level of personal information protection across production and non-production environments
Transparency - no need for changes to production databases or applications
Integrated with ActiveDirectory, responsibilities and rolls with rule propagation between different applications and across environments
Simple GUI and predefined rule sets enable security teams to be trained within a single day (No DBA skills required)
Quick installation, unique implementation methodology and Knowledge Packs for common business applications
Enables the securing of complex business application within days
ActiveBase provides fast ROI – addressing existing and future regulatory requirements across applications and environments
About ActiveBase > Founded in 2002 in Israel by experienced database veterans > More than 100 man years in R&D > More than 50 production installations worldwide > Protected by patent USPTO 7,676,516 > First production sites early 2004 > Cool Vendor award > SC Magazine US and Europe Awards 2011 finalist > Among our customers: