Watch full webinar here: https://bit.ly/3xWXuSN
Despite the growing need for agility, companies remain reluctant to host their sensitive data in the Cloud for security reasons. Moreover, basic encryption is no longer enough, because masking the data or providing it only partially prevents its use.
Advanced cryptography combined with the Logical Data Fabric is a winning pair for increasing the use of this sensitive data in the Cloud while guaranteeing maximum security and confidentiality. On the one hand, the Logical Data Fabric lets organizations with a hybrid ecosystem access their entire data estate in real time while establishing security policies; on the other, advanced cryptography makes it possible to store data encrypted in the cloud, even while it is in use, while embedding access rights in it.
Join this webinar to discover:
- The challenges of accessing and sharing data in hybrid and multi-cloud environments.
- How Denodo's Logical Data Fabric simplifies Cloud adoption through a single point of access to data while providing a security and governance layer.
- How Cosmian's advanced cryptography features differ from traditional encryption approaches.
- A live demo of how application-level cryptography makes it possible to create security and data access policies in zero trust environments.
Advanced cryptography and Logical Data Fabric: accelerate the sharing and Cloud migration of your sensitive data
1. WEBINAR
Advanced cryptography and Logical Data Fabric: accelerate the sharing and Cloud migration of your sensitive data
Bruno Grieder, CTO & Co-founder, Cosmian
Vincent Fages-Gouyou, Director of Product Management EMEA, Denodo
2. Agenda
1. Modern Enterprise’s Data Dilemma
2. Architectures & what Cloud strategy?
3. Understanding Denodo’s Logical Data Fabric
4. Don’t forget Security & Sovereignty
5. Cosmian’s advanced cryptographic technology
6. Cosmian’s ABE embedded in Denodo
7. Live demo
4. The Enterprise’s Data Dilemma
Rising Volume of data
▪ 90% of the data has been produced in the past 2 years
▪ 40 zettabytes of data by end 2020 (5 200GB / person on earth)
▪ Every person will be generating 1.7 MB of data / second in 2020
▪ It will take 181 million years for a person to download all that data
Rising Business challenges with Data
▪ Poor data quality costs businesses between $9 M and $14 M a year
▪ Bad data is estimated to cost the US alone $3 trillion a year
▪ 97% of organizations are investing in AI & Big Data
▪ 93% have a multi-cloud & hybrid strategy
▪ Data Scientists waste 75% looking for Data
Get value out of the data in an agile mode
▪ Embrace predictive and prescriptive analytics
▪ Use all data assets available
▪ Reduce Time to Market (TTM) and Time to Data (TTD)
▪ Empower Self-Service strategies to reduce IT bottlenecks and shadow IT
Reduce costs while ensuring governance & security
▪ Reduce HW and operational cost of data management (e.g. cloud)
▪ Pivot to less costly data management techniques when possible
▪ Prevent data leaks and comply with existing regulations
Rising complexity of data
▪ Eclectic mix of old and new data; every structure imaginable
▪ Generated and integrated, from batch to real time
▪ Traditional data from enterprise apps, web, third-parties
▪ New sources of data from machines, social media, IoT
Rising complexity of data management solutions
▪ Mix of home grown, vendor built, open source
▪ Multi-platform architectures; distributed and heterogeneous; on premises or cloud; from relational to Hadoop
▪ Hybrid and diverse in the extreme.
Business IT
5. Enterprise’s Data Delivery Architecture
[Diagram labels: Data Science, Data Quality, ML / AI, Locations, Data Sources, OLAP, Visualisation]
Denodo Proprietary and Confidential
6. The Dream of Monolithic Data Centralization
▪ Physically centralize all data in a single location
▪ Examples: Data Warehouse, Data Lake, Data LakeHouse, Cloud Data Warehouse
▪ Attractive for its simplicity, it also comes with many challenges
7. Limits of Monolithic Architectures: Slow and Rigid
▪ Need to ingest all data in a new system
▪ Existing analytics systems cannot be reused
▪ Data is replicated for every different purpose / use case
▪ Changes require modifying pipelines and datasets at multiple stages
8. Cloud Monolithic Data Centralization
Benefits
▪ Brings more flexibility & scalability
▪ Access from anywhere
▪ Lower cost of operations
But
▪ New data silos
▪ Vendor lock-in risk
▪ Data latency
▪ Regulatory compliance & Security concerns
10. Challenges of Multi-Cloud Strategy: Back to square #1!
§ Complexity
§ Duplication
§ Increased costs
§ Multiple security models
§ Skill sets required
§ Integration
11. Enterprise’s Logical Data Fabric
[Diagram labels: Data Science, Data Quality, ML / AI, Locations, Data Sources, OLAP, Visualisation; Governance, Metadata Management, Data Mart; Security; Data Access; Data Virtualization, Data Services]
12. Denodo’s Logical Data Fabric
§ Based on Data Virtualization technology, which abstracts data consumers from where data is located and how it is represented in the source systems.
§ It allows building a business semantic layer on top of multiple distributed data sources of any type without the requirement of replicating data into a central repository.
§ It enables the implementation of enterprise-wide data sharing and security policies at every level of integration: on the consumer side, in the semantic layer, at the data source.
§ This semantic layer can be accessed in a secure and governed manner by consumers using a variety of standard methods such as SQL, REST, OData, GraphQL or MDX.
§ It’s the foundation for distributed and logical architectures
13. Denodo’s Logical Data Fabric
[Diagram labels: Federation; Transformation; Abstraction; Data Service; Dynamic Query Optimization; Cost Based Optimizer; Query Rewriting; Caching; MPP; Security & Governance; Lifecycle Management; Data Catalog: Discover, Collaborate, Query, Categorize]
14. A Modern Data Virtualization Architecture
[Architecture diagram, labels by layer]
CONSUMERS: Data Catalog (Discover - Explore - Document); API access (RESTful / OData, GraphQL / GeoJSON); SQL; MDX Access (Denodo Cubes)
LOGICAL DATA FABRIC: Data Virtualization; Semantic Layer; Query Optimization; Security; AI/ML; Governance; Real Time; Smart Query Acceleration; Caching; MPP Engine; Development; Modeling; Delivery; Data Ops; Solution Manager; Deployment (Cloud PaaS, Containers/K8, On-Prem); Monitoring; Scheduling; Version Control
CONNECTIVITY: 150+ data adapters
SOURCES: Traditional DB & DW; Cloud Stores; Hadoop & NoSQL; OLAP; Files; Apps; Streaming; SaaS
15. Security Architecture
[Architecture diagram with the same CONSUMERS / LOGICAL DATA FABRIC / SOURCES layers: Data Catalog (Discover - Explore - Document); API access (RESTful / OData, GraphQL / GeoJSON); SQL; MDX Access (Denodo Cubes); 150+ data adapters; Traditional DB & DW; Cloud Stores; Hadoop & NoSQL; OLAP; Files; Apps; Streaming; SaaS]
Schema-wide permission
Tag-Based Policy Security (including integration with entitlement systems)
LDAP / Active Directory
External Identity Providers
Encrypted Data at Rest: Cache / Swap
Authentication
• User/Password and token based
• Kerberos, SAML, OpenID and OAuth (JDBC, ODBC & Web services)
• SSO and two-factor authentication
Data in Motion
• TLS 1.2
• SSL
Data in Motion
• TLS 1.2
• SSL
Authentication
• Pass-Through authentication (user/password, Kerberos) and service accounts
• Web Service Security: SAML, OAuth, SPNEGO
Role-Based authorization (guest, employee, corporate)
Data-Specific Permissions (row and column level, including masking)
Edge Data Ciphering: ABE / KMS
21. Cosmian KMS & Edge Embedded ABE Engine
Open Source Java Client: https://github.com/Cosmian/cosmian_java_lib
• Create Policy
• Request Keys
• Encryption
• Decryption
[Diagram labels: REST API / TLS; REST HTTPS; ABE Crypto Engine; Confidential Data Intelligence Platform; Secure Enclave; KMS; keys K1, K2]
22. Denodo’s Role- & Tag-Based Data Access Protection
[Diagram labels: API / TLS; Protected Source (two); Finance; HR; JDBC; REST/JSON; KMIP / TLS; keys K1, K2; Attributes; Open Source Java Client Library; ABE Crypto Engine; Confidential Data Intelligence Platform; Secure Enclave; KMS]
Custom Function & Policy
• Get User Key uid
• Build JSON Policy
• Build JSON Access Policy
• Request Master Key
• Request User Key
• Encrypt with Attributes
• Decrypt
23. Denodo’s Tag-based Policies
§ The semantic layer enforces standardized data models and consistency across domains
§ Centrally enforce semantic, tag-based security policies
§ Completely abstracted from specific tables
§ Easier to manage and less error-prone
§ E.g. mask the #SSN with *** for HR and Finance
§ Advanced Cryptographic integration
§ Allows for implementation of semantic security rules across the data landscape, independent of the technologies underneath
24. JSON Master Policy Definition
ABE Security Policy Definition
[Diagram: policy grid with two axes]
Security Level (hierarchy, from Min to Max): Low Secret, Medium Secret, High Secret, Top Secret
Department (no hierarchy): R&D, HR, MKG, FIN
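The two-axis policy on this slide, as an added example that is not from the slides or from Cosmian's library: it models only the access decision, with no cryptography. It assumes that a level on the hierarchical Security Level axis also covers every lower level, while Department requires an exact match; the function names and sample rows are constructed for illustration.

```python
# Added illustration: a plain-logic model of the two-axis policy on this slide.
# It performs no cryptography and does not use the Cosmian library's API.

# Hierarchical axis, ordered from Min to Max.
SECURITY_LEVELS = ["Low Secret", "Medium Secret", "High Secret", "Top Secret"]
# Non-hierarchical axis: one department grants nothing on another.
DEPARTMENTS = {"R&D", "HR", "MKG", "FIN"}


def _check(level, departments):
    """Reject attributes the policy does not define (fail closed on typos)."""
    if level not in SECURITY_LEVELS:
        raise ValueError(f"unknown security level: {level!r}")
    unknown = set(departments) - DEPARTMENTS
    if unknown:
        raise ValueError(f"unknown department(s): {sorted(unknown)}")


def can_decrypt(user_level, user_departments, data_level, data_department):
    """True when the user's key attributes cover the ciphertext's attributes.

    Assumption: on the hierarchical axis a level also covers every lower
    level; on the Department axis only an exact match counts.
    """
    _check(user_level, user_departments)
    _check(data_level, [data_department])
    level_ok = SECURITY_LEVELS.index(user_level) >= SECURITY_LEVELS.index(data_level)
    return level_ok and data_department in user_departments


def readable_ids(user_level, user_departments, rows):
    """Ids of the rows a key with these attributes could decrypt."""
    return [r["id"] for r in rows
            if can_decrypt(user_level, user_departments, r["level"], r["dept"])]


# Constructed sample rows: each carries the attributes it was encrypted under.
ROWS = [
    {"id": 1, "level": "Low Secret", "dept": "HR"},
    {"id": 2, "level": "High Secret", "dept": "HR"},
    {"id": 3, "level": "Medium Secret", "dept": "FIN"},
    {"id": 4, "level": "Top Secret", "dept": "R&D"},
]

if __name__ == "__main__":
    print(readable_ids("Medium Secret", ["HR", "FIN"], ROWS))  # [1, 3]
    print(readable_ids("Top Secret", ["R&D"], ROWS))           # [4]
```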
27. Cipher Data Virtualization
[Diagram labels: RDMS; SAS; API; Cipher Join; Decrypt Role Based; Views; Interfaces; Remote Tables; Contact; SQL; Cipher Data; Data Materialization; Remote Table Synchronization; C1ph3r API; Key UID; Portfolios; User Key UID; Attributes; Tag-based Policies engine; Open Source Java Client Library; ABE Crypto Engine; Confidential Data Intelligence Platform; Secure Enclave; KMS; keys K1, K2]