Watch full webinar here: https://bit.ly/3kT6HEN Security, data privacy, and data protection represent concerns for organizations that must comply with policies and regulations that can vary across regions, data assets, and personas. Data Virtualization offers a single logical point of access, avoiding point-to-point connections from consuming applications to the information sources. As a single point of data access for applications, it is the ideal place to enforce access security restrictions that can be defined in terms of the canonical model with a very fine granularity. Denodo has been successfully deployed in many organizations worldwide with strict security requirements. Those organizations benefit from Denodo's capabilities to customize security policies in the data abstraction layer, centralize security when data is spread across multiple systems residing both on-premises and in the cloud, or control and audit data access across different regions. Watch this on-demand session to: - Build enterprise-wide data access role model - Apply Dynamic Masking on your data on the fly - Use sophisticated masking algorithms to manage your non-production data sets

1. DENODO LUNCH & LEARN
27 JULY
SECURE YOUR DATA WITH
VIRTUAL DATA FABRIC

2. Presenters for this Session
Chris Day
Director, APAC Sales Engineering, Denodo
Regional Vice President, Sales, ASEAN & Korea, Denodo
Elaine Chan

3. Agenda
1. Secure Your Data with Virtual Data Fabric
2. Product Demonstration
3. Q&A
4. Next Steps
5. Closing

4. Secure Your Data with Virtual Data Fabric
Regional Vice President, Sales, ASEAN & Korea, Denodo
Elaine Chan

5. 5
Virtual Data Fabric

6. 6
How to Get More from Your Data in 2020, Jan 2020
A data fabric architecture is designed to stitch
together historical and current data across multiple
data silos to produce a uniform and unified
business view of the data.”

7. 7
Virtual Data Fabric
Consumers
Data
Science
Machine
Learning
Artificial
Intelligence
Mobile
Applications
Predictive
Analytics
Business
Intelligence
Relational NoSQL Unstructured Docs Cloud Sensors IoT
Sources
Unified Data Security
Abstraction Layer
Universal Access
Self-Service
Data Catalog

8. 8
Unified Security Management
through Data Virtualization

9. 9
Unified Security Management
§ Data Virtualization offers an abstraction layer that decouples
sources from consumer applications
§ Single Point for accessing all the information avoiding point-to-
point connections to sources
§ As a single point of access, this is an ideal place to enforce
security and can be defined in terms of the canonical model
with a fine granularity

10. 10
Virtual Data Fabric
Consumers
Data
Science
Machine
Learning
Artificial
Intelligence
Mobile
Applications
Predictive
Analytics
Business
Intelligence
Relational NoSQL Unstructured Docs Cloud Sensors IoT
Sources
Unified Data Data Masking
Abstraction Layer
Role based Authentication
LDAP
Active Directory
Encrypted data
In Cache
Data Specific Permissions

11. 11
Secure Data in Motion
§ Consumer to Denodo Platform (northbound):
Communications between consumer applications and
the Data Virtualization layer can be secured, typically
using of SSL (TLS 1.2)
§ Denodo Platform to Sources (southbound):
Specific security protocol depends on the
source e.g. SSL (TLS 1.2), HTTPS, sFTP, …

12. 12
Secure Data at Rest
§ Two locations with ‘data at rest’
§ Cache database
§ Memory swap files
§ Cache database
§ Use native database encryption mechanism to secure data
§ Memory swap files
§ Use native OS encryption to encrypt files in swap directory

13. 13
Pass-Through Credentials
§ Allows use of existing access permissions and rules in
underlying data sources.
§ Access permissions and rules in data source filter results from
query.
§ Data Virtualization layer permissions and rules imposed on
results from data source.
§ Results filtered by both sets of access controls are returned to
user.

14. 14
Role-Base Data Privacy
§ Control what data is visible based on user role
§ Roles can be imported from AD and LDAP
§ Roles can be organized in hierarchies
§ More complex logic also possible

15. 15
Row-level Restrictions
§ You can add restrictions to allow users to obtain only the
rows that match a certain condition.
Administrator can see all records User only see the data related to his location

16. 16
Dynamic Data Masking
§ The Dynamic Data Masking (DDM) technique intercepts queries sent to
the database and/or the database responses and applies some more or
less sophisticated logic to protect sensitive information when it’s
displayed for end-users in the application or BI tool.
§ For example, a credit card number might look like 1234 **** **** 5678
instead of the real value or an email address might be shown as
asXXXXX@denodo.com.

17. 17
Virtual Data Fabric
Relational NoSQL Unstructured Docs Cloud Sensors IoT
Dynamic Data Masking Rules
Authorized users can
see the real data
Other users can only see
scrambled data

18. 18
Static Data Masking
§ Static Data Masking (SDM) is mostly used to physically replace
sensitive data at rest. The resulting protected dataset can be
distributed for development, testing, and education purposes.
§ The masking algorithms for the static approach are more complex
because we need to make sure that the data look real and can be
utilized for the testing but should not contain any sensitive data.

19. 19
Static Data Masking Functions
§ Random substitution of names, countries, cities from the dictionaries.
§ Random generation of cc numbers, phone number, SSNs etc.
§ Blurring for dates and account balances when the masked value of. For
example, date of birth, is N% higher or lower than the real value. This is
needed to preserve the original data distribution in testing/development
datasets.

20. 20
Virtual Data Fabric
Relational NoSQL Unstructured Docs Cloud Sensors IoT
Static Data Masking Rules
Protected data In Remote Tables
Development Test Sandbox

21. 21
Auditing
§ Audit trail of all the queries and actions executed in the DV platform.
§ With this information it is possible to check at any time who has accessed which
resources, what changes have been made or what queries have been executed.

22. 22
Key Takeaways

23. 23
Single Entry Point
for Enforcing
Security and
Governance
Policies
Data on-premises
and off, combined
through the same
governed virtual
data fabric layer
Single Source of
Truth / Canonical
Views
Who is Doing /
Accessing What,
When and How
Fewer copies of
personal data.
Lineage of copies
is available.
Key Takeaways

24. Next Steps

25. 25
denodo.link/D2107

26. APAC Webinar | 19-Aug | 11am SGT
Bringing a Real-Time Flavor to Your
Enterprise Analytics
Katrina Briedis
Sales Engineering, Denodo
Sushant Kumar
Product Marketing Manager, Denodo
REGISTER NOW
denodo.link/WB2107

27. Thanks!
www.denodo.com info@denodo.com
© Copyright Denodo Technologies. All rights reserved
Unless otherwise specified, no part of this PDF file may be reproduced or utilized in any for or by any means, electronic or mechanical,
including photocopying and microfilm, without prior the written authorization from Denodo Technologies.