Designing for Data Security by Karen Lopez

As security and compliance become more important for organizations, especially in the age of GDPR, data breach and other legislation, Karen covers the types of features data architects and designers should be considering when building modern, protected and defensive systems.

Published in: Data & Analytics

  1. Designing For Data Security. Karen Lopez, InfoAdvisors
  2. #TeamData
  3. @Astro_DavidS
  4. “Every design decision comes down to cost, benefit and risk.” - Karen Lopez
  5. Mandatory Slide. Ones and zeros … With a HAND!
  6. • Day one • Collaborative • Responsible • Compliant • Required • Governed. Security & Privacy by Design
  7. Ready for 25 May? How can we get started? Can you help us get certified? Do you have software for this? Do you have a couple of weeks to help us get this done?
  8. • No Methodology • No Models • Misfocused Management • No Measurement • Too Much Madness. How Does this happen?
  9. • Methodology • Models • Management • Measurement • Madness. How Do We Mitigate?
  10. Security at the data level Models capture security & privacy requirements Management reports of reviews Measurement In other words, Governance Methodology?
  11. Data Quality is Also Data Protection
  12. Security & Privacy in the DB and Data Models
  13. Obligatory Hacker in a Hoodie Photo….
  14. Security – Always Encrypted
  15. Why would a DB Designer love it? Always Encrypted, yup. Allows designers to not only specify which columns need to be protected, but how. Parameters are encrypted as well. Built in to the engine, easier for Devs.
  16. Dynamic Data Masking
  17. Privacy - Dynamic Data Masking

          CREATE TABLE Membership(
              MemberID int IDENTITY PRIMARY KEY,
              -- partial(): show the first character, pad with the literal string
              FirstName varchar(100) MASKED WITH (FUNCTION = 'partial(1,"XXXXXXX",0)') NULL,
              LastName varchar(100) NOT NULL,
              -- default(): full masking according to the column's data type
              Phone# varchar(12) MASKED WITH (FUNCTION = 'default()') NULL,
              -- email(): show the first letter, mask the rest of the address
              Email varchar(100) MASKED WITH (FUNCTION = 'email()') NULL);

          INSERT Membership (FirstName, LastName, Phone#, Email) VALUES
              ('Roberto', 'Tamburello', '555.123.4567', ''),
              ('Janice', 'Galvin', '555.123.4568', ''),
              ('Zheng', 'Mu', '555.123.4569', '');
  18. Why would a Data Designer love it? Allows central, reusable design for standard masking. Offers more reliable masking and more usable masking. Removes whining about “we can do that later”.
  19. Security – Row Level Security
  20. Why would a Data Designer love it? Allows a designer to do this sort of data protection IN THE DATABASE, not just rely on code. Many, many pieces of code.
  21. Data Cataloging: Scan-based; AI-based; Metadata!; Data profiling
  22. Data Classification/Categorization: Syntax-based; Semantic-based; AI-based; Data Profiling vs. Data Naming
  23. Watson
  24. What should we STOP doing? Nobody ever talks about this….
  25. SQL Injection • WE ARE STILL DOING THIS! • IT’S STILL THE #1 (but unsecured storage is getting more popular) • TEST. TEST SOME MORE • Automated Testing • Governance is important
  26. Auto-incremental Data Access
  27. Test Data. Bad: Restoring Production to Development; Restoring Production, with Masking; Restoring Production, with Randomizing; Restoring Production…anywhere. Better: Design Test Data; Lorem Ipsum for Data; Really, Design Test Data.
  28. Only Generalists. No other profession uses this approach. The Body of Knowledge and the Required skillsets in IT and IS are too broad and change too rapidly.
  29. Trusting good people: Good people don’t always stay that way; People mess up; Monitoring; Checking; Automatic alerting
  30. What Skills Do Data Professionals Need for Data Protection? No one ever talks about this….
  31. ROI
  32. Data Protection and Security. Level: Active Skills • Security Requirements • Security Techniques • Where to apply them • Whose Job is it? • Security testing & Validation • Security By Design • Data Governance
  33. Big Data and Analytics. Level: Literacy and Hands On. Why: These new technologies and techniques are making it mainstream in most shops, whether they are installed or software as a service. Plus, we need to use them on our own data. Who: All IT roles, especially data stewarding ones.
  34. Literacy with Deep Learning, AI, Machine Learning. Level: Literacy +++ • How are they used? • What are the real life uses today? • Future uses • Privacy and Security requirements • Compliance trade-offs • Employee Monitoring
  35. Data Quality & Reliability. Level: Active Skills • Is the data right? • Is it current? • Should it be there at all? • Do we know where it came from? • Do we know it was calculated correctly? • Are there any known anomalies?
  36. How can we do all this? Cloud Services are a fantastic way to learn and get hands-on skills. Online Tutorials are often free and self-guided. Learn from Experts & Case Studies. Deprioritize tasks that are really just being done for tradition. Hire help. Automate away some tasks to make more time.
  37. One more time… Every Design Decision must be based on Cost, Benefit and Risk
  38. Thank you! Go out and be great…and secure. Karen Lopez - @DataChick
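
Slides 16 to 20 argue for declaring masking and row filtering in the database rather than in many pieces of application code. The following T-SQL (SQL Server 2016+ / Azure SQL) is an added example, not part of the deck, that applies both to one table; the table, schema, function and user names are hypothetical and the sample rows are constructed.

```sql
-- Hypothetical table: one masked column plus a column naming the owning user.
CREATE TABLE dbo.MemberNotes (
    NoteID    int IDENTITY PRIMARY KEY,
    OwnerUser sysname NOT NULL,   -- database user allowed to see the row
    Email     varchar(100) MASKED WITH (FUNCTION = 'email()') NULL,
    Note      varchar(200) NOT NULL
);
INSERT dbo.MemberNotes (OwnerUser, Email, Note) VALUES   -- constructed rows
    ('AgentA', 'roberto@example.com', 'Renewal due'),
    ('AgentB', 'janice@example.com',  'Address change');
GO

CREATE SCHEMA Security;
GO

-- Inline table-valued predicate: yields a row only when the caller owns
-- the data row or is the designated Manager user.
CREATE FUNCTION Security.fn_OwnerPredicate(@OwnerUser AS sysname)
    RETURNS TABLE
    WITH SCHEMABINDING
AS
    RETURN SELECT 1 AS fn_result
           WHERE @OwnerUser = USER_NAME() OR USER_NAME() = 'Manager';
GO

-- FILTER hides other users' rows on read; BLOCK rejects inserts of rows
-- the caller would not be allowed to see.
CREATE SECURITY POLICY Security.MemberNotesPolicy
    ADD FILTER PREDICATE Security.fn_OwnerPredicate(OwnerUser) ON dbo.MemberNotes,
    ADD BLOCK PREDICATE  Security.fn_OwnerPredicate(OwnerUser) ON dbo.MemberNotes AFTER INSERT
    WITH (STATE = ON);
GO

CREATE USER AgentA  WITHOUT LOGIN;
CREATE USER Manager WITHOUT LOGIN;
GRANT SELECT ON dbo.MemberNotes TO AgentA, Manager;
GRANT UNMASK TO Manager;          -- AgentA is deliberately left without UNMASK
GO

-- Same query, two callers: the policy and the mask are applied by the engine,
-- so no application code has to add WHERE clauses or redact the column.
EXECUTE AS USER = 'AgentA';
SELECT OwnerUser, Email, Note FROM dbo.MemberNotes;
REVERT;

EXECUTE AS USER = 'Manager';
SELECT OwnerUser, Email, Note FROM dbo.MemberNotes;
REVERT;
```

Masking only changes what a query returns to users without UNMASK; it is not encryption, so it complements rather than replaces the row-level policy and column permissions.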