• Save
SecureIT 2014 - Data Security Protecting Businesses... - Anubhav Tyagi, Senior Solution...
Upcoming SlideShare
Loading in...5
×
 

SecureIT 2014 - Data Security Protecting Businesses... - Anubhav Tyagi, Senior Solution...

on

  • 295 views

SecureIT 2014 - Data Security Protecting Businesses... - Anubhav Tyagi, Senior Solution...

SecureIT 2014 - Data Security Protecting Businesses... - Anubhav Tyagi, Senior Solution...

Statistics

Views

Total Views
295
Views on SlideShare
237
Embed Views
58

Actions

Likes
0
Downloads
0
Comments
0

2 Embeds 58

http://secureit.eletsonline.com 57
http://translate.googleusercontent.com 1

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • What all points data exits?Application – ERP, Mailing, PKI, Web Application, Project specific Database – Oracle, Sqletc, Have largest Databases in the world(UID)Storage – NAS, SANTape Drives – Quantum, HP etcNetworks
  • And the Data properties can be enormous i.e.Personal identifiable informationMedical records as part of Health dataPAN,CC etcFinger Print etcAnd so on.
  • “body corporate” means any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities;“reasonable security practices and procedures” means security practices and procedures designed to protect such information from unauthorized access, damage, use, modification, disclosure or impairment, as may be specified in an agreement between the parties or as may be specified in any law for the time being in force and in the absence of such agreement or any law, such reasonable security practices and procedures, as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit;”
  • We know that encryption is essential to protecting sensitive data.It protects sensitive data, reducing the risk of the data and eases proof for compliance. When you use encryption to protect your data, you are also using cryptographic keys to manage that data. Keys provide the protection and the way to access the data; so, it is impossible to have one without the other. Poor key management is similar to leaving your front door unlocked. You’ve closed it so you feel that you are safe; however, you haven't locked it which prevents someone from just walking in. Its completely accessible to anyone and everyone. Key management provides the “prevention”.Behind every great encryption solution stands a key waiting to be used!

SecureIT 2014 - Data Security Protecting Businesses... - Anubhav Tyagi, Senior Solution... SecureIT 2014 - Data Security Protecting Businesses... - Anubhav Tyagi, Senior Solution... Presentation Transcript

  • 1 Securing Data A Proactive Approach Anubhav Tyagi Senior Solution Architect (India & SAARC) Anubhav.tyagi@safenet-inc.com
  • 2 A Different Mindset
  • 3 SafeNet ‘Secure Breach’ Survey  31% admitted that their perimeter has been breached  20% were not sure if they’d been breached.  38% believe unauthorized users currently have access to their networks.  65% think they will suffer a data breach within 3 years  59% believe if their perimeter is breached, their data would not be safe.  20% wouldn’t trust their own company with their personal data….
  • 4 Data Existence Applications Databases Storage Tape Drives Network
  • 5 Data Types PII Data HealthData Financial Data Biometric Data Property Data
  • 6 Data & Information – Examples CCTNS Treasury IGRS •Criminal Details •Lost or unauthorized property details •Passport Verification details •Ongoing cases details •Pictures, Biometric prints etc •Citizen information •Arms possession details •Financial Data in terms of •Debt Management •Loan Management •Treasury Data •Pension Details •Budgeting Details •Accounting Details •State Revenue Details •Revenue Disbursement Details •Property Details •Scanned Copy of Registry •Buyer Details •Seller Details •Fingerprints •Picture •Signatures
  • 7 Are these Data Elements Sensitive? What will happen if someone steals & misuse?
  • 8 Likely Misuse Scenario - 1  Query the system to show the Top 10 transactions by value in last 10-days > Does the information published on a Website or any other public media lead to uncomfortable situation for the parties involved? Once done, does it facilitate someone with criminal mindset to make demands on the parties involved? >
  • 9 Likely Misuse Scenario - 2  Query the system to show list of people with highest number of properties Once done, does it facilitate someone with criminal mindset to misuse the information. Does the information published on a Website or any other public media lead to uncomfortable situation for the parties involved? > >
  • 10 Oops, did I spill your data? Disgruntled Employees Amateur -> Organized • Hacktivists, • Cyber Criminals Nations
  • 11 IT-ACT OF INDIA Section 43A Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person to affected  So What? Financial Penalties to the Organization Loss of Reputation for the Department But most importantly……..
  • 12 “TRUST”
  • 13 Is it something to…. “THINK”? Do we Need to SECURE these Data Elements? HOW?
  • 14 Protection needs to be centered on data itself Data Confidentiality Integrity of digitized information Non Repudiation In Transactions Authenticity Data-centric Protection Security Strategy Objectives
  • 15 Behind every great encryption solution stands a key waiting to be used C I N R A Encryption is an essential process to protect sensitive data, provide risk management, and ease proof of compliance.
  • 16 “THE ULTIMATE DEFENSE” ENCRYPTION WITH SECURE KEY MANAGEMENT Sensitive Data
  • 17 A New Mindset is Needed  Sole Perimeter Security is No Longer Enough  Breaches Will Happen and We Must Prepare Differently  Data is the New Perimeter  Encryption with Secure Key Management  AND…….
  • 18 Security = Enablement
  • 19 Thank You Anubhav Tyagi Senior Solution Architect (India & SAARC) Anubhav.tyagi@safenet-inc.com